Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
File Path: C:\eclipse-addons\jdk\jdk32-1.7.0_80\jre\..\lib\tools.jar
MD5: 3c9c8e7d13528226f2074eb2c9be8514
SHA1: 87ef926d89f721c1583d06110dd990fd8f3a3690
Referenced In Project:
dependency-plugin-tracker
Description:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.htmlFile Path: C:\Users\Jeremy\.m2\repository\antlr\antlr\2.7.7\antlr-2.7.7.jar
Description: AOP Alliance
License:
Public DomainFile Path: C:\Users\Jeremy\.m2\repository\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
File Path: C:\Users\Jeremy\.m2\repository\asm\asm\3.3.1\asm-3.3.1.jar
MD5: 1ad1e8959324b0f680b8e62406955642
SHA1: 1d5f20b4ea675e6fab6ab79f1cd60ec268ddc015
Referenced In Project:
dependency-plugin-tracker
Description: Dawid Kurzyniec's backport of JSR 166
License:
Public Domain: http://creativecommons.org/licenses/publicdomainFile Path: C:\Users\Jeremy\.m2\repository\backport-util-concurrent\backport-util-concurrent\3.1\backport-util-concurrent-3.1.jar
Description: Code generation library
License:
ASF 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\cglib\cglib\2.2.2\cglib-2.2.2.jar
Description: Ganymed SSH2 for Java is a library which implements the SSH-2 protocol in pure Java
License:
BSD style license: http://www.ganymed.ethz.ch/ssh2/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\ch\ethz\ganymed\ganymed-ssh2\build210\ganymed-ssh2-build210.jar
File Path: C:\Users\Jeremy\.m2\repository\classworlds\classworlds\1.1\classworlds-1.1.jar
MD5: c20629baa65f1f2948b37aa393b0310b
SHA1: 60c708f55deeb7c5dfce8a7886ef09cbc1388eca
Referenced In Project:
dependency-plugin-tracker
Description: the prefuse visualization toolkit
License:
Apple License: http://developer.apple.com/library/mac/#samplecode/AppleJavaExtensions/Listings/README_txt.html#//apple_ref/doc/uid/DTS10000677-README_txt-DontLinkElementID_3File Path: C:\Users\Jeremy\.m2\repository\com\apple\AppleJavaExtensions\1.4\AppleJavaExtensions-1.4.jar
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-399 Resource Management Errors
Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Vulnerable Software & Versions: (show all)
Description: A Java framework to parse command line options with annotations.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\beust\jcommander\1.35\jcommander-1.35.jar
Description: Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\fasterxml\jackson\core\jackson-annotations\2.4.2\jackson-annotations-2.4.2.jar
Description: Core Jackson abstractions, basic JSON streaming API implementation
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\fasterxml\jackson\core\jackson-core\2.4.2\jackson-core-2.4.2.jar
Description: General data-binding functionality for Jackson: works on core streaming API
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\fasterxml\jackson\core\jackson-databind\2.5.1\jackson-databind-2.5.1.jar
Description: Core library for GitHub Maven plugins
File Path: C:\Users\Jeremy\.m2\repository\com\github\github\github-maven-core\0.12\github-maven-core-0.12.jar
MD5: a3192f5399998791b6f0afe9dd0a70a1
SHA1: e1088983abd587e59e007a33f3cd976f1689aed7
Referenced In Project:
dependency-plugin-tracker
Description: Maven plugin that commits files to a branch in a GitHub repository
File Path: C:\Users\Jeremy\.m2\repository\com\github\github\site-maven-plugin\0.12\site-maven-plugin-0.12.jar
MD5: e24ebeccb9242ab5d2bf689689e8cb10
SHA1: f6e434775940d6091b01e40d806643102da347fe
Referenced In Project:
dependency-plugin-tracker
Description: Apache Commons Bytecode Engineering Library
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\bcel-findbugs\6.0\bcel-findbugs-6.0.jar
Description: Findbugs: Because it's easy!
License:
GNU Lesser Public License: http://www.gnu.org/licenses/lgpl.htmlFile Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\findbugs\3.0.1\findbugs-3.0.1.jar
Description: jFormatString for Findbugs
License:
GNU Lesser Public License: http://www.gnu.org/licenses/lgpl.htmlFile Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\jFormatString\2.0.1\jFormatString-2.0.1.jar
Description: JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\jsr305\2.0.3\jsr305-2.0.3.jar
Description: Google Gson library
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\google\code\gson\gson\2.2.2\gson-2.2.2.jar
Description: This provider use a non ASL license compatible library (svnkit http://svnkit.com/).
License:
ASF: http://www.apache.org/licenses/LICENSE-2.0File Path: C:\Users\Jeremy\.m2\repository\com\google\code\maven-scm-provider-svnjava\maven-scm-provider-svnjava\1.13\maven-scm-provider-svnjava-1.13.jar
Description: Google Collections Library is a suite of new collections and collection-related goodness for Java 5.0
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\google\collections\google-collections\1.0\google-collections-1.0.jar
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\google\guava\guava\18.0\guava-18.0.jar
Description: HtmlCompressor is a small, fast and very easy to use Java library that minifies given HTML or XML source by removing extra whitespaces, comments and other unneeded characters without breaking the content structure. As a result pages become smaller in size and load faster. A command-line version of the compressor is also available.
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0File Path: C:\Users\Jeremy\.m2\repository\com\googlecode\htmlcompressor\htmlcompressor\1.5.2\htmlcompressor-1.5.2.jar
Description: The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme.
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\googlecode\javaewah\JavaEWAH\0.7.9\JavaEWAH-0.7.9.jar
Description:
A set of annotations used for code inspection support and code documentation.
License:
Apache License 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\intellij\annotations\12.0\annotations-12.0.jar
Description: a proxy to ssh-agent and Pageant in Java
License:
http://www.jcraft.com/jsch-agent-proxy/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.connector-factory\0.0.6\jsch.agentproxy.connector-factory-0.0.6.jar
Description: a proxy to ssh-agent and Pageant in Java
License:
http://www.jcraft.com/jsch-agent-proxy/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.core\0.0.6\jsch.agentproxy.core-0.0.6.jar
File Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.jsch\0.0.6\jsch.agentproxy.jsch-0.0.6.jar
MD5: f4fbe0730e25cd4c72b93b39508ac8e3
SHA1: aee40b481ad104a578584335b4859e49d4be4f7a
Referenced In Project:
dependency-plugin-tracker
Description: a proxy to ssh-agent and Pageant in Java
License:
http://www.jcraft.com/jsch-agent-proxy/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.pageant\0.0.6\jsch.agentproxy.pageant-0.0.6.jar
Description: a proxy to ssh-agent and Pageant in Java
License:
http://www.jcraft.com/jsch-agent-proxy/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.sshagent\0.0.6\jsch.agentproxy.sshagent-0.0.6.jar
Description: a proxy to ssh-agent and Pageant in Java
License:
http://www.jcraft.com/jsch-agent-proxy/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.usocket-jna\0.0.6\jsch.agentproxy.usocket-jna-0.0.6.jar
Description: a proxy to ssh-agent and Pageant in Java
License:
http://www.jcraft.com/jsch-agent-proxy/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch.agentproxy.usocket-nc\0.0.6\jsch.agentproxy.usocket-nc-0.0.6.jar
Description: JSch is a pure Java implementation of SSH2
License:
Revised BSD: http://www.jcraft.com/jsch/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\com\jcraft\jsch\0.1.50\jsch-0.1.50.jar
Description: MKS Integrity - Java API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\mks\api\mksapi-jar\4.10.9049\mksapi-jar-4.10.9049.jar
Description: Maven 2 plugin to check and update license headers in source files
File Path: C:\Users\Jeremy\.m2\repository\com\mycila\license-maven-plugin\2.11\license-maven-plugin-2.11.jar
MD5: b79fad441f259d7d118f8197c457fef4
SHA1: fa78f54738ccf77379d1bd05fae56df2e8c9d38b
Referenced In Project:
dependency-plugin-tracker
Description: Parent POM
License:
http://www.apache.org/licenses/LICENSE-2.0.htmlFile Path: C:\Users\Jeremy\.m2\repository\com\mycila\mycila-xmltool\4.4.ga\mycila-xmltool-4.4.ga.jar
Description: Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.txtFile Path: C:\Users\Jeremy\.m2\repository\com\puppycrawl\tools\checkstyle\6.2\checkstyle-6.2.jar
Description:
QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files
complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\com\thoughtworks\qdox\qdox\1.12.1\qdox-1.12.1.jar
File Path: C:\Users\Jeremy\.m2\repository\com\thoughtworks\xstream\xstream\1.4.4\xstream-1.4.4.jar
MD5: 4b2a6d156777975a7d15fe53a1c37fe7
SHA1: 488e9e4a47afc81d2b2dec3c3eb3a4d0f10fe105
Referenced In Project:
dependency-plugin-tracker
Description: Maven HTMLCompressor Plugin allows to compress html/xml by adding a few lines to the pom file.
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0File Path: C:\Users\Jeremy\.m2\repository\com\tunyk\mvn\plugins\htmlcompressor\htmlcompressor-maven-plugin\1.3\htmlcompressor-maven-plugin-1.3.jar
Description:
The YUI Compressor is a JavaScript compressor which, in addition to removing
comments and white-spaces, obfuscates local variables using the smallest
possible variable name. This obfuscation is safe, even when using constructs
such as 'eval' or 'with' (although the compression is not optimal is those
cases) Compared to jsmin, the average savings is around 20%.
License:
BSD License: http://developer.yahoo.com/yui/license.htmlFile Path: C:\Users\Jeremy\.m2\repository\com\yahoo\platform\yui\yuicompressor\2.4.6\yuicompressor-2.4.6.jar
File Path: C:\Users\Jeremy\.m2\repository\commons-beanutils\commons-beanutils-core\1.8.3\commons-beanutils-core-1.8.3.jar
MD5: 944f66e681239c8353e8497920f1e5d3
SHA1: 75812698e5e859f2cb587c622c4cdfcd61676426
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\commons-beanutils\commons-beanutils\1.7.0\commons-beanutils-1.7.0.jar
MD5: 0f18acf5fa857f9959675e14d901a7ce
SHA1: 5675fd96b29656504b86029551973d60fb41339b
Referenced In Project:
dependency-plugin-tracker
Description: An implmentation of the GoF Chain of Responsibility pattern
License:
The Apache Software License, Version 2.0: /LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-chain\commons-chain\1.1\commons-chain-1.1.jar
Description:
Commons CLI provides a simple API for presenting, processing and validating a command line interface.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-cli\commons-cli\1.2\commons-cli-1.2.jar
Description:
The codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-codec\commons-codec\1.6\commons-codec-1.6.jar
Description: Types that extend and augment the Java Collections Framework.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-collections\commons-collections\3.2.1\commons-collections-3.2.1.jar
Description: The Digester package lets you configure an XML->Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.
License:
The Apache Software License, Version 2.0: /LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-digester\commons-digester\1.8\commons-digester-1.8.jar
Description:
The Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-io\commons-io\2.2\commons-io-2.2.jar
Description:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-lang\commons-lang\2.6\commons-lang-2.6.jar
Description: Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.
License:
The Apache Software License, Version 2.0: /LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-logging\commons-logging-api\1.1\commons-logging-api-1.1.jar
Description: Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.
File Path: C:\Users\Jeremy\.m2\repository\commons-logging\commons-logging\1.1.1\commons-logging-1.1.1.jar
MD5: ed448347fc0104034aa14c8189bf37de
SHA1: 5043bfebc3db072ed80fbd362e7caf00e885d8ae
Referenced In Project:
dependency-plugin-tracker
Description:
Commons Validator provides the building blocks for both client side validation and server side data validation.
It may be used standalone or with a framework like Struts.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\commons-validator\commons-validator\1.4.0\commons-validator-1.4.0.jar
Description: dom4j: the flexible XML framework for Java
File Path: C:\Users\Jeremy\.m2\repository\dom4j\dom4j\1.6.1\dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\jakarta-regexp\jakarta-regexp\1.4\jakarta-regexp-1.4.jar
MD5: 5d8b8c601c21b37aa6142d38f45c0297
SHA1: 0ea514a179ac1dd7e81c7e6594468b9b9910d298
Referenced In Project:
dependency-plugin-tracker
Description: Common Annotations for the JavaTM Platform API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.htmlFile Path: C:\Users\Jeremy\.m2\repository\javax\annotation\javax.annotation-api\1.2\javax.annotation-api-1.2.jar
Description: JSR-250 Reference Implementation by Glassfish
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.htmlFile Path: C:\Users\Jeremy\.m2\repository\javax\annotation\jsr250-api\1.0\jsr250-api-1.0.jar
Description: APIs for JSR-299: Contexts and Dependency Injection for Java EE
File Path: C:\Users\Jeremy\.m2\repository\javax\enterprise\cdi-api\1.0\cdi-api-1.0.jar
MD5: 462c0959f0322016495f4598243bc0f2
SHA1: 44c453f60909dfc223552ace63e05c694215156b
Referenced In Project:
dependency-plugin-tracker
Description: The javax.inject API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\javax\inject\javax.inject\1\javax.inject-1.jar
File Path: C:\Users\Jeremy\.m2\repository\javax\servlet\jsp\jsp-api\2.1\jsp-api-2.1.jar
MD5: b8a34113a3a1ce29c8c60d7141f5a704
SHA1: 63f943103f250ef1f3a4d5e94d145a0f961f5316
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\javax\servlet\servlet-api\2.5\servlet-api-2.5.jar
MD5: 69ca51af4e9a67a1027a7f95b52c3e8f
SHA1: 5959582d97d8b61f4d154ca9e495aafd16726e34
Referenced In Project:
dependency-plugin-tracker
Description:
StAX is a standard XML processing API that allows you to stream XML data from and to your application.
License:
GNU General Public Library: http://www.gnu.org/licenses/gpl.txt COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.htmlFile Path: C:\Users\Jeremy\.m2\repository\javax\xml\stream\stax-api\1.0-2\stax-api-1.0-2.jar
Description: Jaxen is a universal Java XPath engine.
License:
http://jaxen.codehaus.org/license.htmlFile Path: C:\Users\Jeremy\.m2\repository\jaxen\jaxen\1.1.4\jaxen-1.1.4.jar
File Path: C:\Users\Jeremy\.m2\repository\jdepend\jdepend\2.9.1\jdepend-2.9.1.jar
MD5: 568d2b54187444b81eab642abf49c263
SHA1: 3d3089f585c2740a707c2cb99f4bb149a90d63f0
Referenced In Project:
dependency-plugin-tracker
Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.phpFile Path: C:\Users\Jeremy\.m2\repository\jline\jline\2.12\jline-2.12.jar
File Path: C:\Users\Jeremy\.m2\repository\jline\jline\2.12\jline-2.12.jar\META-INF\native\windows32\jansi.dll
MD5: 1e56641bb68937f8e2020cbff5d04a08
SHA1: 97f6e12599bb5848867b9762184d055ed918ab2a
File Path: C:\Users\Jeremy\.m2\repository\jline\jline\2.12\jline-2.12.jar\META-INF\native\windows64\jansi.dll
MD5: fd3a20891286c958103f3ea07174cd3c
SHA1: 829195c9e338d5725cf304ae33fc209db53884eb
Description: Date and time library to replace JDK date handling
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\joda-time\joda-time\2.7\joda-time-2.7.jar
Description: Log4j
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\log4j\log4j\1.2.14\log4j-1.2.14.jar
Description:
To compress (Minify + Ofuscate) Javascript files and CSS
files (using YUI Compressor from Julien Lecomte) and/or to check
Javascript files with jslint.
License:
Public domain (Unlicense): http://unlicense.org/File Path: C:\Users\Jeremy\.m2\repository\net\alchim31\maven\yuicompressor-maven-plugin\1.5.1\yuicompressor-maven-plugin-1.5.1.jar
Description: JavaCC is a parser/scanner generator for Java.
License:
Berkeley Software Distribution (BSD) License: http://www.opensource.org/licenses/bsd-license.htmlFile Path: C:\Users\Jeremy\.m2\repository\net\java\dev\javacc\javacc\5.0\javacc-5.0.jar
File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\3.2.2\jna-3.2.2.jar
MD5: 48f0e0081b45aed086faf7678242a4d4
SHA1: d2598c4f68d43dc96b0ffa60e75baa54845596fe
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\3.2.2\jna-3.2.2.jar\com\sun\jna\win32-amd64\jnidispatch.dll
MD5: f2607244d71e97c5fc7cbdad20edaa8b
SHA1: ce115bd61a7f2d344c38cc87dcd4989d800cf836
File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\jna\3.2.2\jna-3.2.2.jar\com\sun\jna\win32-x86\jnidispatch.dll
MD5: 4ace9eeb32de26548956b5e5841e90cb
SHA1: 8404282d31828b8ff7c7c1d536a6e0c66ccfe86c
Description: Java Native Access Platform
License:
LGPL, version 2.1: http://creativecommons.org/licenses/LGPL/2.1/File Path: C:\Users\Jeremy\.m2\repository\net\java\dev\jna\platform\3.4.0\platform-3.4.0.jar
File Path: C:\Users\Jeremy\.m2\repository\net\jcip\jcip-annotations\1.0\jcip-annotations-1.0.jar
MD5: 9d5272954896c5a5d234f66b7372b17a
SHA1: afba4942caaeaf46aab0b976afd57cc7c181467e
Referenced In Project:
dependency-plugin-tracker
Description: Plugin for formatting Java source code
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\net\revelc\code\formatter-maven-plugin\0.5.2\formatter-maven-plugin-0.5.2.jar
File Path: C:\Users\Jeremy\.m2\repository\net\sourceforge\pmd\pmd-core\5.3.2\pmd-core-5.3.2.jar
MD5: 173db8d40fc1d2dfd33ab4f9e2bef8c9
SHA1: cf6b74aaeff0f2edab21bbc32b05f6d9428d3057
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\net\sourceforge\pmd\pmd-java\5.3.2\pmd-java-5.3.2.jar
MD5: 9efc86d53efe115e11df2843c1714a04
SHA1: c71c8d78e51c5e8c0bab330db63066bcec5e1c6a
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\net\sourceforge\pmd\pmd-javascript\5.3.2\pmd-javascript-5.3.2.jar
MD5: a6f0406c3490228a44781c12acacb5ad
SHA1: 0f7db4366da1b1dd3c0bd390fca6f23e2c238b5b
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\net\sourceforge\pmd\pmd-jsp\5.3.2\pmd-jsp-5.3.2.jar
MD5: 4cf36280541bcee67624e39e474a7c3a
SHA1: 4b072af3b572170bad81c7f3e1ea22cfb877fb8f
Referenced In Project:
dependency-plugin-tracker
Description:
Saxon a complete and conformant implementation of the XSLT 2.0, XQuery 1.0, and XPath 2.0 Recommendations published on 23 January 2007 by W3C
License:
Mozilla Public License Version 1.0: http://www.mozilla.org/MPL/MPL-1.0.txtFile Path: C:\Users\Jeremy\.m2\repository\net\sourceforge\saxon\saxon\9.1.0.8\saxon-9.1.0.8.jar
Description: Maven plugin for JAX-WS RI. Fork of http://jax-ws-commons.java.net/jaxws-maven-plugin/
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\net\trajano\mojo\jaxws-maven-plugin\2.3.8\jaxws-maven-plugin-2.3.8.jar
Description: Efficient and customizable TreeLayout Algorithm in Java.
License:
BSD 3-Clause "New" or "Revised" License (BSD-3-Clause): http://treelayout.googlecode.com/files/LICENSE.TXTFile Path: C:\Users\Jeremy\.m2\repository\org\abego\treelayout\org.abego.treelayout.core\1.0.1\org.abego.treelayout.core-1.0.1.jar
Description: A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.
File Path: C:\Users\Jeremy\.m2\repository\org\antlr\antlr-runtime\3.1.3\antlr-runtime-3.1.3.jar
MD5: df926fa1721f4b522c0607017cefc3c8
SHA1: 3154e3dfd5b7466df8f5151a95be70584f74f76c
Referenced In Project:
dependency-plugin-tracker
Description: A set of annotations used within the ANTLR 4 Runtime
File Path: C:\Users\Jeremy\.m2\repository\org\antlr\antlr4-annotations\4.3\antlr4-annotations-4.3.jar
MD5: 5efe1e1eb33abccb148d8f629c9d408f
SHA1: 4d1d9af5e6d10f41b7ef16b9d30892bda4d823ac
Referenced In Project:
dependency-plugin-tracker
Description: The ANTLR 4 Runtime
File Path: C:\Users\Jeremy\.m2\repository\org\antlr\antlr4-runtime\4.3\antlr4-runtime-4.3.jar
MD5: a45317fcc85a35d151d85f25b8d823dc
SHA1: d644ab8324e2ad95f5583528ef2dc7c143ce0f45
Referenced In Project:
dependency-plugin-tracker
Description: StringTemplate is a java template engine for generating source code,
web pages, emails, or any other formatted text output.
StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization.
It evolved over years of effort developing jGuru.com.
StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org
and powers the ANTLR v3 code generator. Its distinguishing characteristic
is that unlike other engines, it strictly enforces model-view separation.
Strict separation makes websites and code generators more flexible
and maintainable; it also provides an excellent defense against malicious
template authors.
There are currently about 600 StringTemplate source downloads a month.
License:
BSD licence: http://antlr.org/license.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\antlr\stringtemplate\3.2\stringtemplate-3.2.jar
File Path: C:\Users\Jeremy\.m2\repository\org\apache\ant\ant-launcher\1.9.4\ant-launcher-1.9.4.jar
MD5: 16d73969811366b9f9678af1d0f04d05
SHA1: 334b62cb4be0432769679e8b94e83f8fd5ed395c
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\ant\ant\1.9.4\ant-1.9.4.jar
MD5: 53a32fc286a44982c829de096becfa3b
SHA1: 6d473e8653d952045f550f4ef225a9591b79094a
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\bcel\bcel\5.2\bcel-5.2.jar
MD5: 43d54687362fc2991d61201c453a8286
SHA1: 96b2cefeb067c08c31225d48e2a689f814baae25
Referenced In Project:
dependency-plugin-tracker
Description:
Apache Commons Compress software defines an API for working with compression and archive formats.
These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-compress\1.4.1\commons-compress-1.4.1.jar
Description:
The Apache Commons Digester package lets you configure an XML to Java
object mapping module which triggers certain actions called rules whenever
a particular pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-digester3\3.2\commons-digester3-3.2.jar
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-lang3\3.3.2\commons-lang3-3.3.2.jar
Description: Apache Commons Object Pooling Library
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-pool2\2.2\commons-pool2-2.2.jar
Description:
HttpComponents Client
File Path: C:\Users\Jeremy\.m2\repository\org\apache\httpcomponents\httpclient\4.3.5\httpclient-4.3.5.jar
MD5: cfa682894e9d25d9202a5059e7e86794
SHA1: 9783d89b8eea20a517a4afc5f979bd2882b54c44
Referenced In Project:
dependency-plugin-tracker
Description:
HttpComponents Core (blocking I/O)
File Path: C:\Users\Jeremy\.m2\repository\org\apache\httpcomponents\httpcore\4.3.2\httpcore-4.3.2.jar
MD5: ee3d34dce4a30c7d3002cadf8c9172c1
SHA1: 31fbbff1ddbf98f3aa7377c94d33b0447c646b6e
Referenced In Project:
dependency-plugin-tracker
Description:
HttpComponents HttpClient - MIME coded entities
File Path: C:\Users\Jeremy\.m2\repository\org\apache\httpcomponents\httpmime\4.3.5\httpmime-4.3.5.jar
MD5: f009d66937722f9c3c217151ade1f4d6
SHA1: 1dd0d38df9c6d21e893f2e52403f1cd99e91cd81
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\ivy\ivy\2.4.0\ivy-2.4.0.jar
MD5: 8c88b943fcd643d5e592b86179c6fbeb
SHA1: 5abe4c24bbe992a9ac07ca563d5bd3e8d569e9ed
Referenced In Project:
dependency-plugin-tracker
Description: Doxia core classes and interfaces.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-core\1.6\doxia-core-1.6.jar
MD5: b6de6f089320d64d2520e61ebdb0202b
SHA1: 61dd1084ec7d093086db714537439b02c76f0deb
Referenced In Project:
dependency-plugin-tracker
Description: The Decoration Model handles the site descriptor, also known as site.xml.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-decoration-model\1.1.4\doxia-decoration-model-1.1.4.jar
MD5: fa6724afd6de08472445dbeecd641c29
SHA1: 4555b5cda12b0cb1f00ec6cc61c5ddb07a81449c
Referenced In Project:
dependency-plugin-tracker
Description: A collection of tools to help the integration of Doxia in Maven plugins.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-integration-tools\1.6\doxia-integration-tools-1.6.jar
MD5: 086ced67c455860a867c1dc06cfcde71
SHA1: aa12128117facfa64c1ac8b8f70c6cf1dbf8b5ca
Referenced In Project:
dependency-plugin-tracker
Description: Doxia Logging API.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-logging-api\1.6\doxia-logging-api-1.6.jar
MD5: bb28c3379ff121445269d71386214733
SHA1: aca027f3574edcd530014361f3d2af413ba7a593
Referenced In Project:
dependency-plugin-tracker
Description:
A Doxia module for Almost Plain Text source documents.
APT format is supported both as source and target formats.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-module-apt\1.6\doxia-module-apt-1.6.jar
MD5: 64932e04e11f34e090071e127ee7edaf
SHA1: 9c453c03b3ff320d09227e494ea66cd0eebb0272
Referenced In Project:
dependency-plugin-tracker
Description:
A Doxia module for FML source documents.
FML format is only supported as source format.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-module-fml\1.6\doxia-module-fml-1.6.jar
MD5: 8ee4f701bebf5ae903258753daf007e1
SHA1: 67e3faa49307e003ba717eb53330aeb02861de19
Referenced In Project:
dependency-plugin-tracker
Description:
A Doxia module for Markdown source documents.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-module-markdown\1.6\doxia-module-markdown-1.6.jar
MD5: e276af019966ea3b60abcc6663a20fde
SHA1: 427194dcc65fb7ad8e47fe53de4800b5869278ea
Referenced In Project:
dependency-plugin-tracker
Description:
A Doxia module for Xdoc source documents.
Xdoc format is supported both as source and target formats.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-module-xdoc\1.6\doxia-module-xdoc-1.6.jar
MD5: 0181294953d40024d9de2099b74e7de8
SHA1: 68e3919146bce8519fc3d750e7ef8fb3685fe1e8
Referenced In Project:
dependency-plugin-tracker
Description:
A Doxia module for Xhtml source documents.
Xhtml format is supported both as source and target formats.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-module-xhtml\1.6\doxia-module-xhtml-1.6.jar
MD5: 7a6ac991e2fa35a6d9af5f75f975fe55
SHA1: 71dc8d1ce4c5fcd976aecb8339e331ba9f46f7e3
Referenced In Project:
dependency-plugin-tracker
Description: Doxia Sink API.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-sink-api\1.1.4\doxia-sink-api-1.1.4.jar
MD5: 013259a0306738f86118c689a66c7aa8
SHA1: 06bddcc2ade60de8867997061e214e72cf4b9b1d
Referenced In Project:
dependency-plugin-tracker
Description: The Site Renderer handles the rendering of sites.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-site-renderer\1.1.4\doxia-site-renderer-1.1.4.jar
MD5: e7388d2ccf4b6a9b0487725a327b5b3b
SHA1: eca1027eb69745b0041520e3e4a252dd663527b1
Referenced In Project:
dependency-plugin-tracker
Description:
This component provides the generic interfaces needed to implement custom rules for the maven-enforcer-plugin.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\enforcer\enforcer-api\1.4.1\enforcer-api-1.4.1.jar
MD5: cf55f5e017efca6303fdd473e173a9bc
SHA1: 70e2aa685ade913d8d3fe5d0167f6623912e6067
Referenced In Project:
dependency-plugin-tracker
Description: This component contains the standard Enforcer Rules
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\enforcer\enforcer-rules\1.4.1\enforcer-rules-1.4.1.jar
MD5: 7075442c6de94f580c4ebfa295bf4412
SHA1: b47e693da986dd2e8c0169dc31178fb07a06da39
Referenced In Project:
dependency-plugin-tracker
Description: Extensions to Aether for utilizing Maven POM and repository metadata.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-aether-provider\3.1.1\maven-aether-provider-3.1.1.jar
MD5: 007a9dcc3298c0869477110a36099313
SHA1: 7fd8a65d950d0e77dd39cc4ce2776ff9673ae470
Referenced In Project:
dependency-plugin-tracker
Description: Provides utility methods for creating JARs and other archive files from a Maven project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-archiver\2.5\maven-archiver-2.5.jar
MD5: 7495b78e898fb9968487ab47cc1c7e5f
SHA1: c999ae305f22ecfc5a000dca12a39b9491778bd5
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-artifact-manager\2.2.1\maven-artifact-manager-2.2.1.jar
MD5: f3e76a8a83f422a900886543c48914f7
SHA1: ec355b913c34d37080810f98e3f51abecbe1572b
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-artifact\2.2.1\maven-artifact-2.2.1.jar
MD5: 7b7613fd5db72967269abe7ab50b76e9
SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-compat\2.2.1\maven-compat-2.2.1.jar
MD5: 91f082f8a59b1ed84d1026b0c0003140
SHA1: 1ce11fccd3c94d0d1ee861bd4237b210acd2c2ed
Referenced In Project:
dependency-plugin-tracker
Description: Maven Core classes.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-core\3.1.1\maven-core-3.1.1.jar
MD5: f4c6ef84a6e712a1374b42139daa0784
SHA1: ab7a9b58a1a4dec17facebda058d1da2a34871ff
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-jxr\2.5\maven-jxr-2.5.jar
MD5: 795c758f5c8a1a8ebe95f5b952d9832b
SHA1: 92dba1e1c03124397644a55fe97f565c08f32341
Referenced In Project:
dependency-plugin-tracker
Description: The effective model builder, with inheritance, profile activation, interpolation, ...
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-model-builder\3.1.1\maven-model-builder-3.1.1.jar
MD5: 7447b3f33c6201f92dedbf5b4059bb4c
SHA1: 5fb53c92da84ebeff403414b667611d6bcd477cf
Referenced In Project:
dependency-plugin-tracker
Description: Maven Model
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-model\2.2.1\maven-model-2.2.1.jar
MD5: b269f663e3440e40be4b696d9b7c2260
SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-monitor\2.2.1\maven-monitor-2.2.1.jar
MD5: 396e401208090417e0f18ad2b1bccd92
SHA1: afc57c3a1368cd34caccb638e00523701f398c20
Referenced In Project:
dependency-plugin-tracker
Description: The API for plugins - Mojos - development.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-plugin-api\3.1.0\maven-plugin-api-3.1.0.jar
MD5: 3a2af8945d7b2ae38ca33a97f60a9611
SHA1: 8821fd1b81c6b960f7ce39f5dde612c665146fd8
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-plugin-descriptor\2.2.1\maven-plugin-descriptor-2.2.1.jar
MD5: f28d3a50552a8d2943587638f5f01455
SHA1: 68d20ae3c40c4664dc52be90338af796db7ffb32
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-plugin-registry\2.2.1\maven-plugin-registry-2.2.1.jar
MD5: 46a27ab81d327e3f5fd1d3e435fe2aad
SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-project-builder\3.0-alpha-2\maven-project-builder-3.0-alpha-2.jar
MD5: 3f962398b452901b94a040c5cac772f6
SHA1: c0549120b6220b1c4af5a2859bc8196e1c8b6cc0
Referenced In Project:
dependency-plugin-tracker
Description: This library is used to not only read Maven project object model files, but to assemble inheritence
and to retrieve remote models as required.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-project\3.0-alpha-2\maven-project-3.0-alpha-2.jar
MD5: 2e5d64b450ea6cb9eb67e8e0f567c449
SHA1: fd7d64f9e8ec392132c716f07d35416051a7d09a
Referenced In Project:
dependency-plugin-tracker
Description: Per-directory repository metadata.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-repository-metadata\2.2.1\maven-repository-metadata-2.2.1.jar
MD5: c426b243119831168af2fbd767254f59
SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06
Referenced In Project:
dependency-plugin-tracker
Description: The effective settings builder, with inheritance and password decryption.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-settings-builder\3.0.4\maven-settings-builder-3.0.4.jar
MD5: 84aa1f63d2d34abe0b8a60b71d454d9b
SHA1: 1c47e99b3cef4aed391f6c76aa073f3f7f25044b
Referenced In Project:
dependency-plugin-tracker
Description: Maven Settings model.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-settings\3.0.4\maven-settings-3.0.4.jar
MD5: 44865cea2d53c88952fe816e004f5075
SHA1: 09897b492f19f4a9a37c008c025691cd4a858cdc
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-toolchain\2.2.1\maven-toolchain-2.2.1.jar
MD5: 21e07983aa493f1bdbf0c2c5a474ed4d
SHA1: 0be589179cfbbad11e48572bf1a28e3490c7b197
Referenced In Project:
dependency-plugin-tracker
Description: The Maven Plugin Testing Harness provides mechanisms to manage tests on Mojo.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugin-testing\maven-plugin-testing-harness\1.3\maven-plugin-testing-harness-1.3.jar
MD5: 508286f0879d94506dffed8a236a6407
SHA1: 6665bb05657168fd6611ca1f1c387038005e09df
Referenced In Project:
dependency-plugin-tracker
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-399 Resource Management Errors
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Vulnerable Software & Versions: (show all)
Description: Java 5 annotations to use in Mojos
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugin-tools\maven-plugin-annotations\3.3\maven-plugin-annotations-3.3.jar
MD5: b9617ae0fa56756935298b97c252bfe4
SHA1: 101cb0295bb16c64e85f2b5354b57058e907b061
Referenced In Project:
dependency-plugin-tracker
Description: Runs Ant scripts embedded in the POM
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-antrun-plugin\1.8\maven-antrun-plugin-1.8.jar
MD5: 3a8c5c8a01bfc6a104b7012a968c9be4
SHA1: 0d02c0af622aa6a0c86e81c519299e888e0a32a3
Referenced In Project:
dependency-plugin-tracker
Description: A Maven plugin to create archives of your project's sources, classes, dependencies etc. from flexible assembly descriptors.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-assembly-plugin\2.5.5\maven-assembly-plugin-2.5.5.jar
MD5: 21a89293c2eecc480ca4d67be8e498dc
SHA1: 699edd7f5e262572d39c47555929afb10a945c57
Referenced In Project:
dependency-plugin-tracker
Description: Produce SCM changelog reports.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-changelog-plugin\2.3\maven-changelog-plugin-2.3.jar
MD5: ca7bca18bb56a20acd842360b5e858f1
SHA1: 50d90237471f05727d1bc72868cf9eb2af125c9a
Referenced In Project:
dependency-plugin-tracker
Description: Generates a report on violations of code style and optionally fails the build if violations are detected.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-checkstyle-plugin\2.16\maven-checkstyle-plugin-2.16.jar
MD5: 3a38d55e3f20eb08ced1b37df3f3f733
SHA1: 273da4329d85e3d6741226a89d60c00d121bbd41
Referenced In Project:
dependency-plugin-tracker
Description:
The Maven Clean Plugin is a plugin that removes files generated at build-time in a project's directory.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-clean-plugin\2.6.1\maven-clean-plugin-2.6.1.jar
MD5: 8dcc382dc49b8156a676b1074b4aacfe
SHA1: bfdf7d6c2f8fc8759457e9d54f458ba56ac7b30f
Referenced In Project:
dependency-plugin-tracker
Description: The Compiler Plugin is used to compile the sources of your project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-compiler-plugin\3.3\maven-compiler-plugin-3.3.jar
MD5: b114a7a575b7424e64639b05f1d501a7
SHA1: 2ba1a928967843fceea2976d8bc6aa8accdf2145
Referenced In Project:
dependency-plugin-tracker
Description: Provides utility goals to work with dependencies like copying, unpacking, analyzing, resolving and many more.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-dependency-plugin\2.10\maven-dependency-plugin-2.10.jar
MD5: 53007ccc018de2f932524deef07515b9
SHA1: af87ceeb71c6499147c5d27f74c9317bf707538e
Referenced In Project:
dependency-plugin-tracker
Description: Uploads the project artifacts to the internal remote repository.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-deploy-plugin\2.8.2\maven-deploy-plugin-2.8.2.jar
MD5: c9f211a7ddbaae0583dde1408c48138a
SHA1: 3c2d83ecd387e9843142ae92a0439792c1500319
Referenced In Project:
dependency-plugin-tracker
Description: The Loving Iron Fist of Maven
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-enforcer-plugin\1.4.1\maven-enforcer-plugin-1.4.1.jar
MD5: 20b6f59d609eebf77aa9cb8db2a61924
SHA1: e9bd7df541415bfe587ce082458f9a48bf9b55b4
Referenced In Project:
dependency-plugin-tracker
Description: Signs the project artifacts with GnuPG.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-gpg-plugin\1.6\maven-gpg-plugin-1.6.jar
MD5: e2cd7843f0714f8eebff181011817e0d
SHA1: 4ec125296d79f591e412ccc8ebdfcc3a91e2cdd7
Referenced In Project:
dependency-plugin-tracker
Description: Copies the project artifacts to the user's local repository.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-install-plugin\2.5.2\maven-install-plugin-2.5.2.jar
MD5: 5d888555943fb34ffc35eac586e7747e
SHA1: 8a67631619fc3c1d1f036e59362ddce71e1e496f
Referenced In Project:
dependency-plugin-tracker
Description: Builds a Java Archive (JAR) file from the compiled project classes and resources.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-jar-plugin\2.6\maven-jar-plugin-2.6.jar
MD5: a96e43f51ae2520c93e491ff1c89d491
SHA1: 618f08d0fcdd3929af846ef1b65503b5904f93e3
Referenced In Project:
dependency-plugin-tracker
Description:
The Apache Maven Javadoc Plugin is a plugin that uses the javadoc tool for
generating javadocs for the specified project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-javadoc-plugin\2.10.3\maven-javadoc-plugin-2.10.3.jar
MD5: 847362480a10fd0ab3c835ad7bb90d6e
SHA1: 0539bd0648e5913f8dd8829064d1122262bcdf9d
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-jxr-plugin\2.5\maven-jxr-plugin-2.5.jar
MD5: 5f5da32412c41571d8d65fb27bbad10c
SHA1: 14ace45746a3e73040ef30cf23c205a0b4e0b092
Referenced In Project:
dependency-plugin-tracker
Description:
A Maven plugin for the PMD toolkit, that produces a report on both code rule violations and detected copy and paste
fragments,
as well as being able to fail the build based on these metrics.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-pmd-plugin\3.5\maven-pmd-plugin-3.5.jar
MD5: 7ead33cb0cee8fd2f6e6f5770df04528
SHA1: 80ba144299d4bc22f8d1ecfefd32d4a52508468d
Referenced In Project:
dependency-plugin-tracker
Description:
The Maven Project Info Reports Plugin is a plugin that generates standard reports
for the specified project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-project-info-reports-plugin\2.8\maven-project-info-reports-plugin-2.8.jar
MD5: 0ad51fc1d1f0e68526510aeb57a1b863
SHA1: d41069957b9bc11766ad11b22cadd09f404f5bf4
Referenced In Project:
dependency-plugin-tracker
Description: This plugin is used to release a project with Maven, saving a lot of repetitive, manual work.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-release-plugin\2.5.2\maven-release-plugin-2.5.2.jar
MD5: b16590cbfd39b6a10d1e8f97350ea709
SHA1: 4ca91b1a68f45abb66a84d5bc4226692143c77b5
Referenced In Project:
dependency-plugin-tracker
Description:
The Resources Plugin handles the copying of project resources to the output
directory. There are two different kinds of resources: main resources and test resources. The
difference is that the main resources are the resources associated to the main
source code while the test resources are associated to the test source code.
Thus, this allows the separation of resources for the main source code and its
unit tests.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-resources-plugin\2.7\maven-resources-plugin-2.7.jar
MD5: 1992654402055d45fbcc84e5dc2911e6
SHA1: 94af11389943a480ecec7db01b4ded1b9cdf57c5
Referenced In Project:
dependency-plugin-tracker
Description: Maven Plugin that allows accessing different SCMs.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-scm-plugin\1.9.4\maven-scm-plugin-1.9.4.jar
MD5: c3c8f113cc0c6766ca4b597fdb9d2680
SHA1: 8a29ba6736337e4c54cd66acd6e339c06a9fb75e
Referenced In Project:
dependency-plugin-tracker
Description: The Maven Site Plugin is a plugin that generates a site for the current project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-site-plugin\3.4\maven-site-plugin-3.4.jar
MD5: 74fc9747a6621866bc1f58ce63fcf78b
SHA1: 659cd5f1dd8bff554cf52603339494cbf7f283c5
Referenced In Project:
dependency-plugin-tracker
Description: The Maven 2 Source Plugin creates a JAR archive of the source files of the current project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-source-plugin\2.4\maven-source-plugin-2.4.jar
MD5: 7a09629d4455159172cdc8ec7a88d8a4
SHA1: 46f0d7f7823d729ba300d3f8929900c7e9cb5ac0
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-surefire-plugin\2.18.1\maven-surefire-plugin-2.18.1.jar
MD5: 32c355be4424c35f6aab5f6954b06011
SHA1: 402fd3066fd6d85ea4a1a3e7cd82a7e35037e6e8
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-surefire-report-plugin\2.18.1\maven-surefire-report-plugin-2.18.1.jar
MD5: beb072d2d6c7aa5ab1f1e3a4139d3b27
SHA1: bbdbbbbe56879a7465ab083b64c764f4f41d9903
Referenced In Project:
dependency-plugin-tracker
Description: Builds a Web Application Archive (WAR) file from the project output and its dependencies.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugins\maven-war-plugin\2.6\maven-war-plugin-2.6.jar
MD5: 7f5f4699147b98b9ab1ee218615b7477
SHA1: e02eef0eabb0a67a5f4a048212d3c0232976c9e8
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\release\maven-release-api\2.5.2\maven-release-api-2.5.2.jar
MD5: 09d1028774400c1ce84fda4a81765ccd
SHA1: 13b6c7fe08f08c62fed70fec14657d20a17f2480
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\release\maven-release-manager\2.5.2\maven-release-manager-2.5.2.jar
MD5: 28b7c38892b557190eeb1ec6281e7a12
SHA1: 7f1a7588c2d082dc2200bab0a1e41f7bb8667e39
Referenced In Project:
dependency-plugin-tracker
Description: API to manage report generation.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\reporting\maven-reporting-api\3.0\maven-reporting-api-3.0.jar
MD5: 48cd00abc388c5156879b335e869adab
SHA1: b2541dd07d08cd5eff9bd4554a2ad6a4198e2dfe
Referenced In Project:
dependency-plugin-tracker
Description: Classes to manage report plugin executions with Maven 3.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\reporting\maven-reporting-exec\1.2\maven-reporting-exec-1.2.jar
MD5: 6a2ef57bf3642d82a4363f23f2bc06d5
SHA1: e0d95fc8f5c4abb846142998c176a06bc71c5ae2
Referenced In Project:
dependency-plugin-tracker
Description: Abstract classes to manage report generation.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\reporting\maven-reporting-impl\2.2\maven-reporting-impl-2.2.jar
MD5: 374a6837c2ae2fc5ff814b2c31b6e6d6
SHA1: 42d1bd175eca91bcc613b699331125ab3b2292e1
Referenced In Project:
dependency-plugin-tracker
Description: The SCM API provides mechanisms to manage all SCM tools.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-api\1.8\maven-scm-api-1.8.jar
MD5: 1dede061ce699fdd80ea96aafd72ec35
SHA1: ed97c180fb299713862c17c07006cc24137973cc
Referenced In Project:
dependency-plugin-tracker
Description: SCM Plexus component.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-manager-plexus\1.8\maven-scm-manager-plexus-1.8.jar
MD5: f82e2c3b2b32ca1ed61e543fd46f9b57
SHA1: 0c40252207550975e3235816a24eed3c932a4c72
Referenced In Project:
dependency-plugin-tracker
Description: SCM Provider implementation for AccuRev (http://www.accurev.com/).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-accurev\1.9.4\maven-scm-provider-accurev-1.9.4.jar
MD5: 0cd0c1e3919510d9fa38a334e7ef54a9
SHA1: 666cc8752fd73a8bd72c72f2be048979ee2e7137
Referenced In Project:
dependency-plugin-tracker
Description: SCM Provider implementation for Bazaar (http://bazaar-vcs.org/).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-bazaar\1.8\maven-scm-provider-bazaar-1.8.jar
MD5: de72550fbe7bf252aeeeec9193cf82c4
SHA1: f1ac373bbab601a401c8c7a32c9c79df40b2aec0
Referenced In Project:
dependency-plugin-tracker
Description: SCM Provider implementation for Clearcase (http://www-306.ibm.com/software/awdtools/clearcase/).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-clearcase\1.8\maven-scm-provider-clearcase-1.8.jar
MD5: 5b506e7656856e57b04339dfb0a4e2df
SHA1: afe2771b02524f218b8cb1a4f46a4b8084d81e46
Referenced In Project:
dependency-plugin-tracker
Description: Common library for SCM CVS Provider.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-cvs-commons\1.9.2\maven-scm-provider-cvs-commons-1.9.2.jar
MD5: c3875e63b604c1c585bf731a8d2b9517
SHA1: 4f65b88f1c1d61c1e94d3f2deebba0ec3f80e12e
Referenced In Project:
dependency-plugin-tracker
Description: Executable implementation for SCM CVS Provider.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-cvsexe\1.8\maven-scm-provider-cvsexe-1.8.jar
MD5: 108ce95885945384d951fe0dd247c60b
SHA1: 38138ab8c05d1a138f799853854b58076d17013f
Referenced In Project:
dependency-plugin-tracker
Description: Java implementation for SCM CVS Provider.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-cvsjava\1.8\maven-scm-provider-cvsjava-1.8.jar
MD5: 8733ac4f7ee027bc3bb24ec053dd82e9
SHA1: ce4f6cadb1716b223bbf14155b87769ec629e04f
Referenced In Project:
dependency-plugin-tracker
Description: Common library for SCM Git Provider.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-git-commons\1.9.2\maven-scm-provider-git-commons-1.9.2.jar
MD5: 5a35c7c9bfabee178bcb7cf940d516ae
SHA1: dd202a7ef6a0c932c442becaaf6cc85c6db008d8
Referenced In Project:
dependency-plugin-tracker
Description: Executable implementation for SCM Git Provider.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-gitexe\1.8\maven-scm-provider-gitexe-1.8.jar
MD5: 65ed02d6d9c322c66b536f7847c2ba73
SHA1: 3fddb3a0f932fef6351f7212ebc2ad5f867dc78e
Referenced In Project:
dependency-plugin-tracker
Description: SCM Provider implementation for Mercurial Hg (http://www.selenic.com/mercurial/wiki/).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-hg\1.8\maven-scm-provider-hg-1.8.jar
MD5: d9cdd91f70d7070dc2ac1866336bd20b
SHA1: 50e193aaba8dc8dbf73fcd17b6c991efce152eb0
Referenced In Project:
dependency-plugin-tracker
Description: SCM Provider implementation for MKS Integrity : http://mks.com/
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-integrity\1.9.4\maven-scm-provider-integrity-1.9.4.jar
MD5: 0c816d9d92dbe0e35d95852c7b742faf
SHA1: 5a880763e941fba3e423420227da0590c01eb273
Referenced In Project:
dependency-plugin-tracker
Description: A Maven SCM Provider for IBM Jazz SCM (http://jazz.net/).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-jazz\1.8\maven-scm-provider-jazz-1.8.jar
MD5: 96f0e3076fcec7a6a28767e12f8eb1da
SHA1: 8fb95acf3c0211d9c1578403ffa34a3923a9e7e2
Referenced In Project:
dependency-plugin-tracker
Description: SCM Provider implementation for Local.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-local\1.8\maven-scm-provider-local-1.8.jar
MD5: d9a16a10f0ac68dd4a1241a19fc44c86
SHA1: 0207e07689f93004bb4f43b8229d0727b446622a
Referenced In Project:
dependency-plugin-tracker
Description: SCM Provider implementation for Perforce (http://www.perforce.com/).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-perforce\1.8\maven-scm-provider-perforce-1.8.jar
MD5: 7102cbe62e71b819e9222673a541f6f1
SHA1: a5240a5cf6526f5fb3bcb9b5c29a850a193a245d
Referenced In Project:
dependency-plugin-tracker
Description: SCM Provider implementation for Starteam (http://www.borland.com/us/products/starteam/index.html).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-starteam\1.8\maven-scm-provider-starteam-1.8.jar
MD5: 7d7eab16e6fc880fe300b7e4c68dd062
SHA1: 1563b30b2329578e38cc3f4ac45506c3657d0e1d
Referenced In Project:
dependency-plugin-tracker
Description: Common library for SCM SVN Provider. Includes the svn-settings.xml configuration model.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-svn-commons\1.8\maven-scm-provider-svn-commons-1.8.jar
MD5: 6ddcb74f815ac42166b944919f9a0011
SHA1: 356b8fd88a89d356392f01554c68d2336113d979
Referenced In Project:
dependency-plugin-tracker
Description: Executable library for SCM SVN Provider.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-svnexe\1.8\maven-scm-provider-svnexe-1.8.jar
MD5: f6283e5aa96688a62153b2de4560aea1
SHA1: 0758a18cc366cc40ed95e31d1f73f8e75e0577ec
Referenced In Project:
dependency-plugin-tracker
Description: SCM Provider implementation for Synergy (http://www.telelogic.com/corp/products/synergy/index.cfm).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-synergy\1.8\maven-scm-provider-synergy-1.8.jar
MD5: 5b340f5120420682558b4fc8b1c6f22c
SHA1: 8cd64430b32461842946bf6ccfbccfd86b6af585
Referenced In Project:
dependency-plugin-tracker
Description: A Maven 2 SCM Provider for Microsoft Visual Studio Team Foundation Server.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-tfs\1.9.4\maven-scm-provider-tfs-1.9.4.jar
MD5: 443d705a2a5ba18cccddbe80eefee53b
SHA1: bcefe778335b538bb8b6b3e2dfc5e6cf44bd18f2
Referenced In Project:
dependency-plugin-tracker
Description: SCM Provider implementation for VSS (http://msdn.microsoft.com/en-us/vstudio/aa700907.aspx).
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\scm\maven-scm-provider-vss\1.8\maven-scm-provider-vss-1.8.jar
MD5: 7bb06cfbe84825eb6c7049d946c875ff
SHA1: f3cb3f2d55a463fd65ea8961f67d2791058a0392
Referenced In Project:
dependency-plugin-tracker
Description: Basic API for lightweight logging
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\file-management\1.1\file-management-1.1.jar
MD5: 48c2abe6b3a5045649714d06eceb6bbd
SHA1: 1a751b5b40520478458f31dca58d763c34580755
Referenced In Project:
dependency-plugin-tracker
Description: A collection of ready-made filters to control inclusion/exclusion of artifacts during dependency resolution.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-common-artifact-filters\1.4\maven-common-artifact-filters-1.4.jar
MD5: f349d565d928ff833dd1118ea565810e
SHA1: de97ff2efd804f06c3698a914f2d55205742bcc4
Referenced In Project:
dependency-plugin-tracker
Description:
Analyzes the dependencies of a project for undeclared or unused artifacts.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-dependency-analyzer\1.6\maven-dependency-analyzer-1.6.jar
MD5: 7b05d238c2398b87d76e00a75c8102e5
SHA1: 8a005ad010c2c49bac8c76eecd4602aeab4adf0b
Referenced In Project:
dependency-plugin-tracker
Description: A tree-based API for resolution of Maven project dependencies
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-dependency-tree\2.2\maven-dependency-tree-2.2.jar
MD5: c9b2c60a0fd118c04595db246f3075a2
SHA1: 5d9ce6add7b714b8095f0e3e396c5e9f8c5dcfef
Referenced In Project:
dependency-plugin-tracker
Description: A collection of tools to help the integration of Doxia in Maven plugins.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-doxia-tools\1.2.1\maven-doxia-tools-1.2.1.jar
MD5: cc155ef6a28af35660d03f5a75ac16fc
SHA1: c128c05d70e617f710a46df709c4bb3a85233444
Referenced In Project:
dependency-plugin-tracker
Description: A component to assist in filtering of resource files with properties from a Maven project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-filtering\1.3\maven-filtering-1.3.jar
MD5: 70945f82a560019aa51de31ab1210deb
SHA1: 3e4f4c305d40c598763ed842f52faeb4dfb63c6c
Referenced In Project:
dependency-plugin-tracker
Description: A component to programmatically invoke Maven.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-invoker\2.1.1\maven-invoker-2.1.1.jar
MD5: a828c635d3ea613e5b116a5f5fe70756
SHA1: 78cb230a29f501cf0631070e78f436902e3305dd
Referenced In Project:
dependency-plugin-tracker
Description: A shared component to assist in interpolating file names using properties from a Maven project.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-mapping\1.0\maven-mapping-1.0.jar
MD5: 5b376b298dea015e594de0c3000ed4c7
SHA1: 73181b19212dd4328fb2858cd08f01ee0d485c0e
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-repository-builder\1.0\maven-repository-builder-1.0.jar
MD5: b977b4412b5476b6f104b11e65cfdc2c
SHA1: 2e68cda42d3a849bf7de013f58dff8d2913e8174
Referenced In Project:
dependency-plugin-tracker
Description:
Various utility classes and plexus components for supporting
incremental build functionality in maven plugins.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-shared-incremental\1.1\maven-shared-incremental-1.1.jar
MD5: 8a48e08aa027a7ac33fcc85054512021
SHA1: 9d017a7584086755445c0a260dd9a1e9eae161a5
Referenced In Project:
dependency-plugin-tracker
Description: API for I/O support like logging, download or file scanning.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-shared-io\1.1\maven-shared-io-1.1.jar
MD5: fe668f50b2c0edc8707609f792ca4036
SHA1: 02e1d57be05ecac7dbe56a3c73b113e98f22240f
Referenced In Project:
dependency-plugin-tracker
Description:
Utilities that help identify the contents of a JAR, including Java class analysis and Maven metadata analysis.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-shared-jar\1.1\maven-shared-jar-1.1.jar
MD5: 67dd345e21509e2f32a90448d85b791e
SHA1: ba7d4068aad3153e2be5ac9d445057cc1f9e4069
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-shared-utils\0.7\maven-shared-utils-0.7.jar
MD5: 96ba4884a1c007e9c88cbc300fdada45
SHA1: 0704e679088765e7df5e1ef3eef400c4a061c9ef
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\surefire\maven-surefire-common\2.18.1\maven-surefire-common-2.18.1.jar
MD5: 4d733b6dcf2e35a76b887c28b011b507
SHA1: 9fff3ee116243c395aa42c9139499d6fe4ae7994
Referenced In Project:
dependency-plugin-tracker
Description: A collection of ready-made filters to control inclusion/exclusion of artifacts during dependency resolution.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\surefire\maven-surefire-common\2.18.1\maven-surefire-common-2.18.1.jar\META-INF/maven/org.apache.maven.shared/maven-common-artifact-filters/pom.xml
MD5: 7995d42a1b25069605608ed5958db95b
SHA1: e28ce2f08d032ae25c83b9bde56df51e3420d6ff
Description: Shared utils without any further dependencies
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\surefire\maven-surefire-common\2.18.1\maven-surefire-common-2.18.1.jar\META-INF/maven/org.apache.maven.shared/maven-shared-utils/pom.xml
MD5: ca630cf6049557ab8d02fe8b514ce11c
SHA1: 86c6539debc641d1e5b6835363e19d373cf5403c
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\surefire\surefire-api\2.18.1\surefire-api-2.18.1.jar
MD5: 4513295e824b16cf6fdb7c99abfd3cd1
SHA1: 7838e4f65460ddde64bf818bebfade0b1c630de6
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\surefire\surefire-booter\2.18.1\surefire-booter-2.18.1.jar
MD5: 9629e1d43834645e4639fa6ad1dcd020
SHA1: 0eb85fe5a28cb9fd6bf9381dc95a45f7acab6b9c
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\surefire\surefire-report-parser\2.18.1\surefire-report-parser-2.18.1.jar
MD5: e6224cc26db98531b78751340af76ec4
SHA1: 40e05585e401e1905769e2e575b50c021b170849
Referenced In Project:
dependency-plugin-tracker
Description:
Wagon provider that gets and puts artifacts using file system protocol
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-file\2.7\wagon-file-2.7.jar
MD5: 03cedd9762dfd09b7ba73a46b34aff6c
SHA1: cb6acc07e78040882f3098b614f9c9f84475f770
Referenced In Project:
dependency-plugin-tracker
Description:
Wagon provider that gets and puts artifacts through http using standard Java library
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-http-lightweight\2.7\wagon-http-lightweight-2.7.jar
MD5: 267e72a756b70a01d88bb765719cbe70
SHA1: 5041b265f51b977e5e91f49f8da97a6093b3853c
Referenced In Project:
dependency-plugin-tracker
Description:
Shared Library for wagon providers supporting HTTP.
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-http-shared\2.7\wagon-http-shared-2.7.jar
MD5: 695f9a310cb52f4be563ca1b590cdf84
SHA1: 01bc428f7a784dfb21f1f17b6a439a0d7d972e38
Referenced In Project:
dependency-plugin-tracker
Description: Maven Wagon API that defines the contract between different Wagon implementations
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-provider-api\1.0-beta-6\wagon-provider-api-1.0-beta-6.jar
MD5: 63826e38e44f08e7935c1d173667ed8c
SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-ssh-common\2.7\wagon-ssh-common-2.7.jar
MD5: 91f72ed89ccf9d532e03eb37bd3bcde8
SHA1: 34a2434480011491513f15b8bb5facc1aafacb84
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\wagon\wagon-ssh\2.7\wagon-ssh-2.7.jar
MD5: 695a1aa241ca4c56893f04fb3f96028c
SHA1: f1cbee4854b4c3bd72fef2ddb573f3e4e6edf152
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\apache\struts\struts-core\1.3.8\struts-core-1.3.8.jar
MD5: 868de456b4d4331d6dcc4e8d3bee884e
SHA1: 66178d4a9279ebb1cd1eb79c10dc204b4199f061
Referenced In Project:
dependency-plugin-tracker
Severity:
High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Vulnerable Software & Versions: (show all)
File Path: C:\Users\Jeremy\.m2\repository\org\apache\struts\struts-tiles\1.3.8\struts-tiles-1.3.8.jar
MD5: f41992ab2729b1cb9c6b4721465aa4e4
SHA1: 6d212f8ea5d908bc9906e669428b7694dff60785
Referenced In Project:
dependency-plugin-tracker
Severity:
High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Vulnerable Software & Versions: (show all)
Description: Core Tomcat implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\embed\tomcat-embed-core\7.0.47\tomcat-embed-core-7.0.47.jar
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-284 Improper Access Control
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.8
CWE: CWE-399 Resource Management Errors
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.4
CWE: CWE-19 Data Handling
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.1
CWE: CWE-264 Permissions, Privileges, and Access Controls
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
Vulnerable Software & Versions:
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\maven\common-tomcat-maven-plugin\2.2\common-tomcat-maven-plugin-2.2.jar
MD5: 9e11f13ea30bb52d4273f3d299932a84
SHA1: 3abe5d3f487698de1039b1a8999a1a2569c017ea
Referenced In Project:
dependency-plugin-tracker
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-352
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.8
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.6
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
Vulnerable Software & Versions:
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\maven\tomcat7-war-runner\2.2\tomcat7-war-runner-2.2.jar
MD5: 75cf811178a5d6c52f515c07b5deeda6
SHA1: c183b7947e496e6a283001020aefb4ba9d86fe6e
Referenced In Project:
dependency-plugin-tracker
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-352
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-200 Information Exposure
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.8
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-16 Configuration
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.6
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
Vulnerable Software & Versions:
Description: Expression language package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat-el-api\7.0.47\tomcat-el-api-7.0.47.jar
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-284 Improper Access Control
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.8
CWE: CWE-399 Resource Management Errors
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.4
CWE: CWE-19 Data Handling
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-189 Numeric Errors
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-264 Permissions, Privileges, and Access Controls
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-189 Numeric Errors
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.1
CWE: CWE-264 Permissions, Privileges, and Access Controls
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
Vulnerable Software & Versions:
Description:
VelocityTools is an integrated collection of Velocity subprojects
with the common goal of creating tools and infrastructure to speed and ease
development of both web and non-web applications using the Velocity template
engine.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\apache\velocity\velocity-tools\2.0\velocity-tools-2.0.jar
Description: Apache Velocity is a general purpose template engine.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\apache\velocity\velocity\1.5\velocity-1.5.jar
Description: XBean is a plugin based server architecture.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\apache\xbean\xbean-reflect\3.4\xbean-reflect-3.4.jar
Description: BeanShell
File Path: C:\Users\Jeremy\.m2\repository\org\beanshell\bsh\2.0b4\bsh-2.0b4.jar
MD5: a1c60aa83c9c9a6cb2391c1c1b85eb00
SHA1: a05f0a0feefa8d8467ac80e16e7de071489f0d9c
Referenced In Project:
dependency-plugin-tracker
Description: Integrates Groovy into Maven projects.
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\gmavenplus\gmavenplus-plugin\1.3\gmavenplus-plugin-1.3.jar
Description:
Commons CLI provides a simple API for presenting, processing and validating a command line interface.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\groovy\groovy-all\2.4.0\groovy-all-2.4.0.jar
MD5: 47182a4e8999d305aa6a26b89dc034a3
SHA1: f8062abce6bb2ced6206d7208d6bf7a2da162883
Referenced In Project:
dependency-plugin-tracker
Severity:
High
CVSS Score: 7.5
CWE: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
Vulnerable Software & Versions: (show all)
Description:
Animal Sniffer Maven Plugin.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\animal-sniffer-maven-plugin\1.14\animal-sniffer-maven-plugin-1.14.jar
MD5: 40b445446545a48a46f78289f900fbf5
SHA1: f24fee5194855a6a23c2fec9795bdbb0ff5a3cb4
Referenced In Project:
dependency-plugin-tracker
Description:
Animal Sniffer.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\animal-sniffer\1.14\animal-sniffer-1.14.jar
MD5: 3fb2e340d2be696a3bec2aa56ed3711e
SHA1: 151548f12e21063df9acec3d0bcb2a1ee4df270f
Referenced In Project:
dependency-plugin-tracker
Description: This plugin contains various small independent goals to assist with Maven build lifecycle
License:
The MIT License: http://www.opensource.org/licenses/mit-license.phpFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\build-helper-maven-plugin\1.9.1\build-helper-maven-plugin-1.9.1.jar
Description:
This plugin is designed to give you a build number. So when you might make 100 builds of version
1.0-SNAPSHOT, you can differentiate between them all.
License:
The MIT License: LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\buildnumber-maven-plugin\1.3\buildnumber-maven-plugin-1.3.jar
Description: This Plug-In generates reports based on the FindBugs Library
License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\findbugs-maven-plugin\3.0.1\findbugs-maven-plugin-3.0.1.jar
Description:
Queries a java home in order to find its boot class path.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\java-boot-classpath-detector\1.14\java-boot-classpath-detector-1.14.jar
MD5: 9efc45f738b3f3054f9ffd0238ac832e
SHA1: 072151a328dac9e7702421d1dd1f6ca597a7d2df
Referenced In Project:
dependency-plugin-tracker
Description: Maven plugin that generates JDepend reports for your projects.
License:
Apache License 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\jdepend-maven-plugin\2.0\jdepend-maven-plugin-2.0.jar
Description: Analyze and report metrics on source code
License:
MIT License: http://www.opensource.org/licenses/mit-license.phpFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\sonar-maven-plugin\2.6\sonar-maven-plugin-2.6.jar
Description: Produce a tag list report.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\taglist-maven-plugin\2.4\taglist-maven-plugin-2.4.jar
Description:
Tidy Plugin for Maven. The Tidy plugin provides goals for tidying up
your source code.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\tidy-maven-plugin\1.0-beta-1\tidy-maven-plugin-1.0-beta-1.jar
Description:
Versions Plugin for Maven 2. The Versions Plugin updates the versions of components in the POM.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\versions-maven-plugin\2.2\versions-maven-plugin-2.2.jar
Description:
Maven plugin that can be used to access various operations on a given URL using a supported maven wagon. Supports
recursive upload, download, and list directory content functionality.
License:
Apache License 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\mojo\wagon-maven-plugin\1.0\wagon-maven-plugin-1.0.jar
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-archiver\2.10.2\plexus-archiver-2.10.2.jar
MD5: d42e04b8b9ceba644aac4e9d678c7d5f
SHA1: c07d84c5d96f9bf11e3840428cc4908af14edcb6
Referenced In Project:
dependency-plugin-tracker
Description:
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE and ar, cpio,
jar, tar, zip, dump, 7z, arj.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-archiver\2.10.2\plexus-archiver-2.10.2.jar\META-INF/maven/org.apache.commons/commons-compress/pom.xml
MD5: 1b336392de2c1399b6ac67c3ff9f5265
SHA1: ed101d5b5e677c995040ccdf91b334de58f521a5
Description: A class loader framework
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-classworlds\2.2.2\plexus-classworlds-2.2.2.jar
MD5: a7d552779645c1f7368fdaef3401c9cc
SHA1: 3a2bad2b58c1ca765d3f471cea8c1655d70fdfd9
Referenced In Project:
dependency-plugin-tracker
Description: Plexus Compilers component's API to manipulate compilers.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-compiler-api\2.5\plexus-compiler-api-2.5.jar
MD5: 80e3bf3c147bb326e4790be0ca5e4b8e
SHA1: 10fec3fabc1cf8114a6d520b64b2665b4c71ca7a
Referenced In Project:
dependency-plugin-tracker
Description: Javac Compiler support for Plexus Compiler component.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-compiler-javac\2.5\plexus-compiler-javac-2.5.jar
MD5: ae0e5251c3f221b683be113d17cc8eb6
SHA1: 5faa380e1b7416e4265ea98d3caa04bf797fc06c
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-compiler-manager\2.5\plexus-compiler-manager-2.5.jar
MD5: c21ae09d1a4501c5eb1f4ec4a23bab31
SHA1: 4ade4f1150252ceaf7d0fa8745993fbb2e623a3f
Referenced In Project:
dependency-plugin-tracker
Description:
Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
standard annotations instead of javadoc annotations.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-component-annotations\1.5.5\plexus-component-annotations-1.5.5.jar
MD5: ef37dcdb84030422db428b63c4354e5b
SHA1: c72f2660d0cbed24246ddb55d7fdc4f7374d2078
Referenced In Project:
dependency-plugin-tracker
Description:
The Plexus IoC container API and its default implementation.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-container-default\1.5.5\plexus-container-default-1.5.5.jar
MD5: 9207a5b343b0cb5d22b09f41e87fce00
SHA1: 0265fa2851d31c2e2177859a518987595efe146b
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-digest\1.0\plexus-digest-1.0.jar
MD5: d068135769a92c23daccbc722ba4658e
SHA1: 5f6a5a5140cd39e8c987cf6c31429d917b31166e
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-i18n\1.0-beta-7\plexus-i18n-1.0-beta-7.jar
MD5: 65d4f673bd0c49dbc67e020e96b00753
SHA1: 3690f10a668b3c7ac2ef563f14cfb6b2ba30ee57
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-interactivity-api\1.0-alpha-6\plexus-interactivity-api-1.0-alpha-6.jar
MD5: 4f3e3b8a34729e317e4c2484016ca151
SHA1: c06f0eb818633033f09a87d14c4cfb6f39af9a37
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-interpolation\1.22\plexus-interpolation-1.22.jar
MD5: b129e421e0e7dff2df1b9769ca2968d5
SHA1: 1a3c07196ad64b0c5378ee1a2092fd72952e20bd
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-io\2.6\plexus-io-2.6.jar
MD5: 446a5be937d5e46507729ab228536ff1
SHA1: 7cb3049c78f2e3ce85cf24cb708694d9c2d48b35
Referenced In Project:
dependency-plugin-tracker
Description: A component to transparently retrieve resources from the filesystem, classpath or internet.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-resources\1.0.1\plexus-resources-1.0.1.jar
MD5: 88d5e36983fa4f4f5554bd2acffe278c
SHA1: c98914e8da5475b8eb96586fbdd66891e01cdbb4
Referenced In Project:
dependency-plugin-tracker
Description: A collection of various utility classes to ease working with strings, files, command lines, XML and more.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-utils\3.0.1\plexus-utils-3.0.1.jar
MD5: cf747dc19d955a291a512da1052957b5
SHA1: 06658663c32332061c039d7a88b3700b9a6661ee
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-velocity\1.1.8\plexus-velocity-1.1.8.jar
MD5: 39c87159cbb8cfab726a0f4e94406421
SHA1: d6b34818c82cd2e2f7bc75a2852d31283d154291
Referenced In Project:
dependency-plugin-tracker
License:
http://www.gnu.org/licenses/lgpl.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\sonar\runner\sonar-runner-api\2.4\sonar-runner-api-2.4.jar
Description: Library for making HTTP requests
License:
MIT License: http://www.opensource.org/licenses/mit-license.phpFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\sonar\runner\sonar-runner-api\2.4\sonar-runner-api-2.4.jar\META-INF/maven/com.github.kevinsawicki/http-request/pom.xml
Description:
Commons-IO contains utility classes, stream implementations, file filters, file comparators and endian classes.
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\sonar\runner\sonar-runner-api\2.4\sonar-runner-api-2.4.jar\META-INF/maven/commons-io/commons-io/pom.xml
MD5: dda7e7373fa85ee2798fd76a4acedd4e
SHA1: 0e85782de6e708d9b62c7c2fe46634933b431137
Description: Access the user home directory that contains cache of files
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\sonar\runner\sonar-runner-api\2.4\sonar-runner-api-2.4.jar\META-INF/maven/org.codehaus.sonar/sonar-home/pom.xml
MD5: c690ae11427f8ee504e560c5a59da996
SHA1: 1f549dad9d0981b17e438d456aa06b61cd2d5226
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\sonar\runner\sonar-runner-api\2.4\sonar-runner-api-2.4.jar\sonar-runner-batch.jar
MD5: a83ec851c8f9debf546b5a5e9c37b20f
SHA1: 24c4511d34774b124aa9a1e75f0f0f040b2dcb98
File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\sonar\runner\sonar-runner-api\2.4\sonar-runner-api-2.4.jar\sonar-runner-impl.jar
MD5: 4bd52887ce2b173c8b5c45cdaaf4a05d
SHA1: a1e69b8cf8e9a2f479ee766e06e0b8b4865c13b3
Description: Stax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.phpFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\woodstox\stax2-api\3.1.1\stax2-api-3.1.1.jar
Description: Woodstox is a high-performance XML processor that
implements Stax (JSR-173) and SAX2 APIs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\woodstox\woodstox-core-asl\4.2.0\woodstox-core-asl-4.2.0.jar
Description: Woodstox is a high-performance XML processor that implements Stax (JSR-173) API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\codehaus\woodstox\wstx-asl\3.2.7\wstx-asl-3.2.7.jar
Description:
The application programming interface for the repository system.
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\aether\aether-api\0.9.0.M2\aether-api-0.9.0.M2.jar
Description:
An implementation of the repository system.
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\aether\aether-impl\0.9.0.M2\aether-impl-0.9.0.M2.jar
Description:
The service provider interface for repository system implementations and repository connectors.
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\aether\aether-spi\0.9.0.M2\aether-spi-0.9.0.M2.jar
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
Vulnerable Software & Versions: (show all)
Description:
A collection of utility classes to ease usage of the repository system.
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\aether\aether-util\0.9.0.M2\aether-util-0.9.0.M2.jar
Description: Eclipse Core Commands
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\core\org.eclipse.core.commands\3.6.0\org.eclipse.core.commands-3.6.0.jar
Description: Common Eclipse Runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\equinox\org.eclipse.equinox.common\3.6.0\org.eclipse.equinox.common-3.6.0.jar
Description: Eclipse JDT Core Batch Compiler
License:
Eclipse Public License v1.0: http://www.eclipse.org/org/documents/epl-v10.phpFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jdt\core\compiler\ecj\4.2.2\ecj-4.2.2.jar
Description:
Repository access and algorithms
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\jgit\org.eclipse.jgit\3.7.0.201502260915-r\org.eclipse.jgit-3.7.0.201502260915-r.jar
MD5: 26ed4ce34da6e217b92e0c945410ab5b
SHA1: 549589e179dfa51370b20ee9dc8afea3dabbf8f3
Referenced In Project:
dependency-plugin-tracker
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.inject\0.0.0.M2a\org.eclipse.sisu.inject-0.0.0.M2a.jar
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.plexus\0.0.0.M2a\org.eclipse.sisu.plexus-0.0.0.M2a.jar
MD5: ad12584ce30edeacab4a6c32f4afd9b9
SHA1: 07510dc8dfe27a0b57c17601bc760b7b0c8f95fa
Referenced In Project:
dependency-plugin-tracker
Description: Text
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\text\org.eclipse.text\3.5.101\org.eclipse.text-3.5.101.jar
Description: This is org.eclipse.jdt.core jar used by Tycho
License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\eclipse\tycho\org.eclipse.jdt.core\3.10.0.v20140604-1726\org.eclipse.jdt.core-3.10.0.v20140604-1726.jar
File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\tycho\org.eclipse.jdt.core\3.10.0.v20140604-1726\org.eclipse.jdt.core-3.10.0.v20140604-1726.jar\jdtCompilerAdapter.jar
MD5: 795303b6e3b1f8c0848e7419128d819b
SHA1: b69455425b83ac824d49bf80d821d04c9ad3f994
Description: Maven plugin for submitting Java code coverage reports to Coveralls web service.
License:
The MIT License (MIT): http://opensource.org/licenses/MITFile Path: C:\Users\Jeremy\.m2\repository\org\eluder\coveralls\coveralls-maven-plugin\3.1.0\coveralls-maven-plugin-3.1.0.jar
Description: Jansi is a java library for generating and interpreting ANSI escape sequences.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\fusesource\jansi\jansi\1.11\jansi-1.11.jar
Description: The API that projects using HawtJNI should build against.
File Path: C:\Users\Jeremy\.m2\repository\org\fusesource\jansi\jansi\1.11\jansi-1.11.jar\META-INF/maven/org.fusesource.hawtjni/hawtjni-runtime/pom.xml
MD5: 9343dc158b5894310f26732ebb2b73ee
SHA1: 14df4655274e472909050661f8e9ed98a28b6721
Description: Jansi is a java library for generating and interpreting ANSI escape sequences.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\fusesource\jansi\jansi\1.11\jansi-1.11.jar\META-INF/maven/org.fusesource.jansi/jansi-native/pom.xml
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-api\2.3.1-b411\webservices-api-2.3.1-b411.jar
MD5: 114b3327ad412414a333cbbb616a51f9
SHA1: f7ed9152ebe9c5e5a0a5031ab4abb229543195b0
Referenced In Project:
dependency-plugin-tracker
Description: JAXB (JSR 222) API
License:
CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-api\2.3.1-b411\webservices-api-2.3.1-b411.jar\META-INF/maven/javax.xml.bind/jaxb-api/pom.xml
Description: SAAJ API
License:
CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-api\2.3.1-b411\webservices-api-2.3.1-b411.jar\META-INF/maven/javax.xml.soap/javax.xml.soap-api/pom.xml
Description: JAX-WS (JSR 224) API
License:
Dual license consisting of the CDDL v1.1 and GPL v2
: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-api\2.3.1-b411\webservices-api-2.3.1-b411.jar\META-INF/maven/javax.xml.ws/jaxws-api/pom.xml
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar
MD5: 5dad60826516821aedc549c03c5702db
SHA1: fc604ba14ae0c6aabc50c454d81065df83290755
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.istack/istack-commons-runtime/pom.xml
MD5: ce35f206165ae70f66d16adef60aeab3
SHA1: 647be046be1e9fbe2979a158bf39f8aec8775e0e
Description: Old JAXB Core module. Contains sources required by XJC, JXC and Runtime modules with dependencies.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.bind/jaxb-core/pom.xml
MD5: 2b198ba54a7dabac4bc41c9ce4d9b952
SHA1: 9f8d2853ac3355036700468c60a73ababc2c083a
Description: Old JAXB Runtime module. Contains sources required for runtime processing.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.bind/jaxb-impl/pom.xml
MD5: 2db62eb02f60b8a4eba451ac20bdc54e
SHA1: 05430dd72af2ddda07592e6218d0a17289928e4c
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.fastinfoset/FastInfoset/pom.xml
MD5: 6676b99d64695e696d16862a061e2d7e
SHA1: bc1ac953addb710ec08dcca6465bb1f6fcfd7ee9
Description:
Open source Reference Implementation of JSR-67: SOAP with Attachments API for Java (SAAJ MR :1.3)
License:
Dual license consisting of the CDDL v1.1 and GPL v2
: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.messaging.saaj/saaj-impl/pom.xmlDescription: Stream based representation for XML infoset
License:
Dual license consisting of the CDDL v1.1 and GPL v2
: https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.stream.buffer/streambuffer/pom.xmlDescription: HTTP SPI for JAX-WS RI
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/httpspi-servlet/pom.xml
MD5: ad3b0cbce1119a00645e449eb25c63da
SHA1: 483be1a8499cbae1fbfb1adbbbb14a428e539902
Description: WS-Policy implementation for Project Metro
License:
Dual License: CDDL 1.0 and GPL V2 with Classpath Exception: http://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/policy/pom.xml
Description: Fast Infoset Support for JAX-WS RI
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/rt-fi/pom.xml
MD5: 143536bdcd7c60de567041e2cb11607d
SHA1: dfeea959ff27831137d9d7aacc3618997698c43a
Description: High Availability Support for JAX-WS RI
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/rt-ha/pom.xml
MD5: 8efe5eb736fa8c20543d487e0eba6c9a
SHA1: d65066035b4b3e717cbfe3cad24e9cea024150fe
Description: JAX-WS Reference Implementation Runtime
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/rt/pom.xml
MD5: 5009a170767a4589f1e3c7388e85670f
SHA1: 08d6ff5fe5bdd3054cd85789d9f95d7b96c160b7
Description: Servlet Support for JAX-WS RI
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/servlet/pom.xml
MD5: 5d0feeadde65ac448367eb7ece8de1c8
SHA1: acc980dadfe3d4eec4621ca1399c60ccfa64d99c
Description: GlassFish Common APIs
License:
CDDL+GPL: https://glassfish.dev.java.net/public/CDDL+GPL.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.external/management-api/pom.xml
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Vulnerable Software & Versions: (show all)
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.ha/ha-api/pom.xml
MD5: 32795041a0091c606f8847d9f72497d2
SHA1: 81975880ba7b8ee1931900b0622069e6a06aafad
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-310 Cryptographic Issues
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Vulnerable Software & Versions: (show all)
Description: JAXB Core module. Contains sources required by XJC, JXC and Runtime modules.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.jaxb/jaxb-core/pom.xml
MD5: ec6710c0a3546d953540990138dc48f7
SHA1: c686f3d8cf2778cbd16790f45e8e52c7ab7a97a0
Description: JAXB (JSR 222) Reference Implementation
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.jaxb/jaxb-runtime/pom.xml
MD5: 24532d5ec1762c1687888967e3a6d6ea
SHA1: ab1369da7a59397b8fd95bb3df089a1ced2be23f
Description:
TXW is a library that allows you to write XML documents.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.jaxb/txw2/pom.xml
MD5: 3b5d78ff4cfae627cf8a2aec500fbf2c
SHA1: 2d5d488186fd3e9c81f9e83255b9a8db3a2b4d12
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-cm-api/pom.xml
MD5: 956319e6a7bb4f2dfd99b62bdeddb987
SHA1: 2a808e88d02f573cbd250498d447d260b31dc6bc
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-cm-impl/pom.xml
MD5: 6d8a3c895977b32168ec44640d2a566a
SHA1: c9364b9c16300928c5ce552af88446d929e9d78a
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-commons/pom.xml
MD5: b753885744bfc438ee3e623ac0701579
SHA1: c924a61ec458ceeef3cf5faf153821aa23702f49
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-config-api/pom.xml
MD5: 19778177f1a6411bf5d2774ba3cf6aeb
SHA1: 3b0bba5c440a50561fb78789617329c8f0765221
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-config-impl/pom.xml
MD5: 40d7849b78121c9ae768d6db61f0eff2
SHA1: 9e9ae4f1a748369d9c10d3b5981e9f629e1ddc9e
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-runtime-api/pom.xml
MD5: 452cf07f83ffa41bcc8a13a9e43983bb
SHA1: b310a64d5eddbb65f3b107d68c3552c55d2ca340
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/metro-runtime-impl/pom.xml
MD5: b20af5c6090823fa58d2abaeb2c87065
SHA1: d32bd813010c4a3a5cd9c519823071589875f79e
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/soaptcp-api/pom.xml
MD5: 7eff27173a34d50cf17d1d4e57f286fc
SHA1: bda8557273bfd656e503e888b81f99efad9a0393
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/soaptcp-impl/pom.xml
MD5: 5ca70d15e20b94b777bac3107c7d182f
SHA1: 99e5308f0a53a30b43c3ea3d9126a665bd227237
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/ws-mex/pom.xml
MD5: cfd940600d2a0a92f5eb6c5c34651da8
SHA1: a277f7ae6817402c6a4baa7a70fbfe73dbd95e81
Description:
This module contains the Metro WSIT API
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsit-api/pom.xml
MD5: a4be22a6b1f32fcca47cc729ae8ed6b9
SHA1: 69770a904d052f4689aad3f5c92954ecc4b546b4
Description:
This module contains the Metro WSIT runtime code.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsit-impl/pom.xml
MD5: 79e47bad3eb20e7b0821c1edf505f6ad
SHA1: 72f9b97c266dc3e1014c51e59df4406c1269713f
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsmc-api/pom.xml
MD5: dd62ca5000ef97878f0923dcbf1dae3d
SHA1: 18f467a8ef1a51dd49a629003468784a690d57a1
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsmc-impl/pom.xml
MD5: 45aa405c9ceaed46dc600c74b8715d13
SHA1: f72f2f85e12034d61f8b05b804150955ff8b7ea8
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsrm-api/pom.xml
MD5: 01e329716e5c0b90944bfd3cbcd22fac
SHA1: 53ada7a7d0657b49ffc2000447478400914325b6
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsrm-impl/pom.xml
MD5: f3de43dfe0b031b58efe6a78af6f47f1
SHA1: a18ddbf951f21c94596d596094ceaeb7634e897a
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsrx-commons/pom.xml
MD5: 03db693337af36d35ef1c503b96997fc
SHA1: a48ea39b9ad8edecf84be3018789d8e1c072670d
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wsrx-testing/pom.xml
MD5: efccc3327f0de1105be8bca484f27c8d
SHA1: 5253207aa1db41e17b64579438484dc53d74a084
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wssx-api/pom.xml
MD5: 3f7578638ca08f2c47a2603c7d16ca16
SHA1: d11fada568d63345819df6abbcde6637071b736a
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wssx-impl/pom.xml
MD5: e703dcdbc0dead2f95cd5be04703a0da
SHA1: 4b36b78389d1dceffc6daba1ba06c6e49568c798
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wstx-api/pom.xml
MD5: f428b7cf92221cf8e69af1cbe7105d53
SHA1: 065add068f1954355c6fb283a7b5409724d8bdf3
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wstx-core/pom.xml
MD5: 449ae4d7bad31bb1460a8dfe9a912807
SHA1: e904ed82064122d9f377bf38bdad4c7ef5c4449a
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/wstx-impl/pom.xml
MD5: 85860b4382d2c4083860c78fb477f35a
SHA1: 31c363b317db2c87d743ce12f77a16c87c4f3cfc
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.glassfish.metro/xmlfilter/pom.xml
MD5: cb4db246c35d2b454aea5b5defaf029b
SHA1: c0465ce2a7b418553e45d94ba63ce2293b8a3b70
Description:
Provides a streaming API to access attachments parts in a MIME message.
License:
CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.jvnet.mimepull/mimepull/pom.xml
Description: Extensions to JSR-173 StAX API.
License:
Dual license consisting of the CDDL v1.1 and GPL v2
: https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-rt\2.3.1-b411\webservices-rt-2.3.1-b411.jar\META-INF/maven/org.jvnet.staxex/stax-ex/pom.xml
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar
MD5: 880086d7e3f451e010fa97055a1c963f
SHA1: ca5c51b576978544ffe54da64f9e5835752fb6b8
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.istack/istack-commons-tools/pom.xml
MD5: 0e312642ffc4fc2735bf2f007150b34e
SHA1: a76f27567d4e8b68540f4e7f4da8479147fbc5fb
Description:
RNGOM is a RelaxNG Object model library (XSOM for RelaxNG). Sources from http://rngom.java.net, version 20050510.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.xml.bind.external/rngom/pom.xml
MD5: 566755e5079c3e6ce965f3c11ba0b303
SHA1: fb3c6e01c6bdc87d93629e80643ada3d55e02579
Description:
Old JAXB schema generator.The *tool* to generate XML schema based on java classes.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.xml.bind/jaxb-jxc/pom.xml
MD5: 0b94efc25b6f39249c8c96719bc7deb4
SHA1: 0ae197896e2a6e92cc84353e1a4f5be32f348c80
Description:
Old JAXB Binding Compiler. Contains source code needed for binding customization files into java sources.
In other words: the *tool* to generate java classes for the given xml representation.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.xml.bind/jaxb-xjc/pom.xml
MD5: 3fd6b181527dde5ce09ccea6aa9cf4b2
SHA1: 05adc723b7a4dab1bddafc1bf753b2f213f26a63
Description: SAX-like API for parsing XML DTDs.
License:
Berkeley Software Distribution (BSD) License: http://www.opensource.org/licenses/bsd-license.phpFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.xml.dtd-parser/dtd-parser/pom.xml
Description: JAX-WS RI Tools
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.xml.ws/wscompile/pom.xml
MD5: 6480c53a0f3c563a8c41f0344d5087ad
SHA1: a775514a8028e3750e1e1831d5d62f5b933fb679
Description: XML Schema Object Model (XSOM) is a Java library that allows applications to easily parse XML Schema documents and inspect information in them. It is expected to be useful for applications that need to take XML Schema as an input.
License:
CDDL v1.1 / GPL v2 dual license: http://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/com.sun.xsom/xsom/pom.xml
Description: The core functionality of the CodeModel java source code generation library
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/org.glassfish.jaxb/codemodel/pom.xml
MD5: 6b6fea7b39b5e24095047bf60ecfa67e
SHA1: ff50720390c6495f21ac9ce36da11dad17e685c2
Description:
JAXB schema generator.The *tool* to generate XML schema based on java classes.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/org.glassfish.jaxb/jaxb-jxc/pom.xml
MD5: 0c4def0e092f93876ece5b49f055af3a
SHA1: 843b8383e690f1ed6241292145fa1a36117ee865
Description:
JAXB Binding Compiler. Contains source code needed for binding customization files into java sources.
In other words: the *tool* to generate java classes for the given xml representation.
File Path: C:\Users\Jeremy\.m2\repository\org\glassfish\metro\webservices-tools\2.3.1-b411\webservices-tools-2.3.1-b411.jar\META-INF/maven/org.glassfish.jaxb/jaxb-xjc/pom.xml
MD5: aa5a96ecbb5d328967e4087e0d2ca730
SHA1: db71fe800b013b667419ebe7dfc2af8b398c3e59
File Path: C:\Users\Jeremy\.m2\repository\org\hibernate\hibernate-validator-annotation-processor\5.2.1.Final\hibernate-validator-annotation-processor-5.2.1.Final.jar
MD5: 70468addb6ae6d2230299d1fa8df1e28
SHA1: 1aa771e9411dfa5f5d4f838fe9bbd330a474e744
Referenced In Project:
dependency-plugin-tracker
Description: The JaCoCo Maven Plugin provides the JaCoCo runtime agent to your tests and allows basic report creation.
File Path: C:\Users\Jeremy\.m2\repository\org\jacoco\jacoco-maven-plugin\0.7.5.201505241946\jacoco-maven-plugin-0.7.5.201505241946.jar
MD5: 0865bd182336445e1ca13656ba6fd920
SHA1: 0a5e4dbbcd9b00e5ee42d928e10ab84f6f0b0835
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\jacoco\org.jacoco.agent\0.7.5.201505241946\org.jacoco.agent-0.7.5.201505241946-runtime.jar
MD5: 490e7fd8d668563d1d6e2517cf989480
SHA1: 129ffc571efbc9319f46be21ee37fe333ce34b70
Referenced In Project:
dependency-plugin-tracker
Description: JaCoCo Java Agent
File Path: C:\Users\Jeremy\.m2\repository\org\jacoco\org.jacoco.agent\0.7.5.201505241946\org.jacoco.agent-0.7.5.201505241946-runtime.jar\META-INF/maven/org.jacoco/org.jacoco.agent.rt/pom.xml
MD5: 8d6308a2efc142c3ffae2cbd9ef55cae
SHA1: 3f56e966050e714e9f7f01a4842f9015cc7c7cc1
Description: JaCoCo Core
File Path: C:\Users\Jeremy\.m2\repository\org\jacoco\org.jacoco.core\0.7.5.201505241946\org.jacoco.core-0.7.5.201505241946.jar
MD5: 2a32d5068a4e66c3dffef52ad3d15a52
SHA1: 1ea906dc5201d2a1bc0604f8650534d4bcaf4c95
Referenced In Project:
dependency-plugin-tracker
Description: JaCoCo Reporting
File Path: C:\Users\Jeremy\.m2\repository\org\jacoco\org.jacoco.report\0.7.5.201505241946\org.jacoco.report-0.7.5.201505241946.jar
MD5: eb216bb233070d0af9a6ff7243b433c7
SHA1: cb1ac5562a45c98cd7b774452f3e8b867b71cd65
Referenced In Project:
dependency-plugin-tracker
Description:
JDOM is, quite simply, a Java representation of an XML document. JDOM provides a way to represent that document for
easy and efficient reading, manipulation, and writing. It has a straightforward API, is a lightweight and fast, and
is optimized for the Java programmer. It's an alternative to DOM and SAX, although it integrates well with both DOM
and SAX.
File Path: C:\Users\Jeremy\.m2\repository\org\jdom\jdom\1.1\jdom-1.1.jar
MD5: adf67fc5dcf48e1593640ad7e02f6ad4
SHA1: 1d04c0f321ea337f3661cf7ede8f4c6f653a8fdd
Referenced In Project:
dependency-plugin-tracker
Description:
JSON (JavaScript Object Notation) is a lightweight data-interchange format.
It is easy for humans to read and write. It is easy for machines to parse and generate.
It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition
- December 1999. JSON is a text format that is completely language independent but uses
conventions that are familiar to programmers of the C-family of languages, including C, C++, C#,
Java, JavaScript, Perl, Python, and many others.
These properties make JSON an ideal data-interchange language.
License:
provided without support or warranty: http://www.json.org/license.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\json\json\20090211\json-20090211.jar
Description: jsoup HTML parser
License:
The MIT License: http://jsoup.com/licenseFile Path: C:\Users\Jeremy\.m2\repository\org\jsoup\jsoup\1.7.2\jsoup-1.7.2.jar
Description: Jetty server core
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.phpFile Path: C:\Users\Jeremy\.m2\repository\org\mortbay\jetty\jetty\6.1.25\jetty-6.1.25.jar
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-310 Cryptographic Issues
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Vulnerable Software & Versions: (show all)
Description: Servlet Specification API
License:
http://www.apache.org/licenses/LICENSE-2.0File Path: C:\Users\Jeremy\.m2\repository\org\mortbay\jetty\servlet-api\2.5-20081211\servlet-api-2.5-20081211.jar
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-310 Cryptographic Issues
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
CWE: CWE-200 Information Exposure
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might be the same issue as CVE-2006-2758.
Vulnerable Software & Versions: (show all)
Description: Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users.
License:
Mozilla Public License, Version 2.0: http://www.mozilla.org/MPL/2.0/index.txtFile Path: C:\Users\Jeremy\.m2\repository\org\mozilla\rhino\1.7R4\rhino-1.7R4.jar
License:
Sun Public License: http://www.netbeans.org/about/legal/spl.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\netbeans\lib\cvsclient\20060125\cvsclient-20060125.jar
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-all\5.0.3\asm-all-5.0.3.jar
MD5: c5cc4613bbdfba3ccf5f0ab85390d0b8
SHA1: 4333508b8dd8ee72aa4e39afa713b3a74579b773
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-analysis\4.1\asm-analysis-4.1.jar
MD5: 3d381440395ae8c4b25d759c286e5743
SHA1: 73401033069e4714f57b60aeae02f97210aaa64e
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-commons\5.0.2\asm-commons-5.0.2.jar
MD5: 91713c030b7c7e557fb3543cf271f514
SHA1: 33fd77f7d9f985e4b9bee5e4c3a4e480c491c404
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-debug-all\5.0.2\asm-debug-all-5.0.2.jar
MD5: 2c7f3426d91c6e2008542f86e52c5d26
SHA1: 5742eaa4eb2f0583b642eb2a2a7597c996139103
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-tree\5.0.2\asm-tree-5.0.2.jar
MD5: ef275823c424317fc951a8c8b8dff08b
SHA1: 407b3da4cdb780701be40ccf6e8ef540f3d5a249
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-util\4.1\asm-util-4.1.jar
MD5: 552c18b83a11dc7ec246e4762e6f1f84
SHA1: 6344065cb0f94e2b930a95e6656e040ebc11df08
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm\5.0.4\asm-5.0.4.jar
MD5: c8a73cdfdf802ab0220c860d590d0f84
SHA1: 0da08b8cce7bbf903602a25a3a163ae252435795
Referenced In Project:
dependency-plugin-tracker
Description: Elegant parsing in Java and Scala - lightweight, easy-to-use, powerful
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\parboiled\parboiled-core\1.1.4\parboiled-core-1.1.4.jar
Description: Elegant parsing in Java and Scala - lightweight, easy-to-use, powerful
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\parboiled\parboiled-java\1.1.4\parboiled-java-1.1.4.jar
Description: A Java 1.5+ library providing a clean and lightweight markdown processor
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\pegdown\pegdown\1.2.1\pegdown-1.2.1.jar
Description: Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!
License:
The MIT License: http://projectlombok.org/LICENSEFile Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.16.4\lombok-1.16.4.jar
File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.16.4\lombok-1.16.4.jar\lombok\installer\WindowsDriveInfo-i386.dll
MD5: c4d7064e400a22cc9a59d2d97382b5b8
SHA1: 63ac163436b8400dcc25f7d13e7a86313fd28a98
File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.16.4\lombok-1.16.4.jar\lombok\installer\WindowsDriveInfo-x86_64.dll
MD5: cdf042a66f9681f362c365131e3c38dd
SHA1: a4598a189d82ae291faead4c0eec6abf22b256be
Description: JCL 1.1.1 implemented over SLF4J
File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\jcl-over-slf4j\1.7.5\jcl-over-slf4j-1.7.5.jar
MD5: 4dde0990b45d1bbba6ee141da8fa9c25
SHA1: 0cd5970bd13fa85f7bed41ca606d6daf7cbf1365
Referenced In Project:
dependency-plugin-tracker
Description: The slf4j API
File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\slf4j-api\1.7.12\slf4j-api-1.7.12.jar
MD5: 68910bf95dbcf90ce5859128f0f75d1e
SHA1: 8e20852d05222dc286bf1c71d78d0531e177c317
Referenced In Project:
dependency-plugin-tracker
Description:
The slf4j log4j-12 binding
File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\slf4j-log4j12\1.5.10\slf4j-log4j12-1.5.10.jar
MD5: 352e66e47739f692221c4717353b939e
SHA1: 08274abbf7065ca15cf877d199a8bf75dba87f36
Referenced In Project:
dependency-plugin-tracker
Description:
A collection of utility classes to ease usage of the repository system.
File Path: C:\Users\Jeremy\.m2\repository\org\sonatype\aether\aether-util\1.7\aether-util-1.7.jar
MD5: df02504fdf485555fc8bec459325d4ba
SHA1: 38485c9c086c3c867c2dd5371909337bd056c492
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\sonatype\plexus\plexus-build-api\0.0.7\plexus-build-api-0.0.7.jar
MD5: 49f0f8c6bdf2687e358870a4fc1559c6
SHA1: e6ba5cd4bfd8de00235af936e7f63eb24ed436e6
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\sonatype\plexus\plexus-cipher\1.4\plexus-cipher-1.4.jar
MD5: 7b2d6fcf0d5800d5b1ce09d98d98dcaf
SHA1: 50ade46f23bb38cd984b4ec560c46223432aac38
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\org\sonatype\plexus\plexus-sec-dispatcher\1.4\plexus-sec-dispatcher-1.4.jar
MD5: 0a46e5bc9bc2fbd3b68091066aff2737
SHA1: 43fde524e9b94c883727a9fddb8669181b890ea7
Referenced In Project:
dependency-plugin-tracker
Description: Patched build of Guice: a lightweight dependency injection framework for Java 5 and above
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\sonatype\sisu\sisu-guice\3.1.0\sisu-guice-3.1.0-no_aop.jar
File Path: C:\Users\Jeremy\.m2\repository\org\sonatype\spice\model-builder\1.3\model-builder-1.3.jar
MD5: c054d2fa25d462f85dc202317a114224
SHA1: 37534174c8e7332d2fda4012521ecece84ec4149
Referenced In Project:
dependency-plugin-tracker
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\org\springframework\spring-core\3.1.3.RELEASE\spring-core-3.1.3.RELEASE.jar
Severity:
Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Description: A pure Java library for managing SQLite databases
License:
http://sqljet.com/File Path: C:\Users\Jeremy\.m2\repository\org\tmatesoft\sqljet\sqljet\1.0.4\sqljet-1.0.4.jar
Description: A pure Java Subversion library, formerly known as JavaSVN
License:
http://svnkit.com/license.htmlFile Path: C:\Users\Jeremy\.m2\repository\org\tmatesoft\svnkit\svnkit\1.3.5\svnkit-1.3.5.jar
File Path: C:\Users\Jeremy\.m2\repository\org\tmatesoft\svnkit\svnkit\1.3.5\svnkit-1.3.5.jar\org\tmatesoft\svn\core\io\repository\template.jar
MD5: 7c709f1f7bc761ef0a10b0d51c0cfb7c
SHA1: 2b270a4f68980879cb48d0298ce543067821f390
Description: A pure Java implementation of the SSH-2 protocol, a successor to Ganymed
License:
http://www.trilead.com/Products/Trilead_SSH_for_Java/License/File Path: C:\Users\Jeremy\.m2\repository\org\tmatesoft\svnkit\trilead-ssh2\build213-svnkit-1.3-patch\trilead-ssh2-build213-svnkit-1.3-patch.jar
Description: XZ data compression
License:
Public DomainFile Path: C:\Users\Jeremy\.m2\repository\org\tukaani\xz\1.0\xz-1.0.jar
File Path: C:\Users\Jeremy\.m2\repository\oro\oro\2.0.8\oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
Referenced In Project:
dependency-plugin-tracker
File Path: C:\Users\Jeremy\.m2\repository\pl\project13\maven\git-commit-id-plugin\2.1.15\git-commit-id-plugin-2.1.15.jar
MD5: 549cae896b617497c5e7a69c7b170489
SHA1: 0474952d0d0d1a5a28f9f33953c3358ec14111ac
Referenced In Project:
dependency-plugin-tracker
Severity:
High
CVSS Score: 7.5
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.
Vulnerable Software & Versions: (show all)
Description: SLF4J Simple binding
File Path: C:\Users\Jeremy\.m2\repository\pl\project13\maven\git-commit-id-plugin\2.1.15\git-commit-id-plugin-2.1.15.jar\META-INF/maven/org.slf4j/slf4j-simple/pom.xml
MD5: bdd5599112d60c9b82e64c20284c3104
SHA1: 5efef78569ff3201ed870cd54cb0fb95865e1263
File Path: C:\Users\Jeremy\.m2\repository\regexp\regexp\1.3\regexp-1.3.jar
MD5: 6dcdc325850e40b843cac2a25fb2121e
SHA1: 973df2b78b67bcd3144c3dbbb88da691065a3f8d
Referenced In Project:
dependency-plugin-tracker
Description: Rhino: JavaScript for Java
License:
Mozilla Public License version 1.1: http://www.mozilla.org/MPL/MPL-1.1.htmlFile Path: C:\Users\Jeremy\.m2\repository\rhino\js\1.6R7\js-1.6R7.jar
License:
Apache Software License, Version 1.1: http://www.apache.org/licenses/LICENSE-1.1File Path: C:\Users\Jeremy\.m2\repository\sslext\sslext\1.2-0\sslext-1.2-0.jar
Severity:
Medium
CVSS Score: 4.3
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.8
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
Vulnerable Software & Versions:
Description: StAX API is the standard java XML processing API defined by JSR-173
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\stax\stax-api\1.0.1\stax-api-1.0.1.jar
File Path: C:\Users\Jeremy\.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.jar
MD5: a018d032c21a873225e702b36b171a10
SHA1: a33c0097f1c70b20fa7ded220ea317eb3500515e
Referenced In Project:
dependency-plugin-tracker
Description:
Xerces2 is the next generation of high performance, fully compliant XML parsers in the
Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI),
a complete framework for building parser components and configurations that is extremely
modular and easy to program.
File Path: C:\Users\Jeremy\.m2\repository\xerces\xercesImpl\2.9.1\xercesImpl-2.9.1.jar
MD5: f807f86d7d9db25edbfc782aca7ca2a9
SHA1: 7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6
Referenced In Project:
dependency-plugin-tracker
Description: xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\Jeremy\.m2\repository\xml-apis\xml-apis\1.0.b2\xml-apis-1.0.b2.jar
License:
Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\xmlpull\xmlpull\1.1.3.1\xmlpull-1.1.3.1.jar
Description: XMLUnit compares a control XML document to a test document or the result of a transformation, validates documents, and compares the results of XPath expressions.
License:
BSD License: http://xmlunit.svn.sourceforge.net/viewvc/*checkout*/xmlunit/trunk/xmlunit/LICENSE.txtFile Path: C:\Users\Jeremy\.m2\repository\xmlunit\xmlunit\1.5\xmlunit-1.5.jar
Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.
License:
Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt Public Domain: http://creativecommons.org/licenses/publicdomainFile Path: C:\Users\Jeremy\.m2\repository\xpp3\xpp3_min\1.1.4c\xpp3_min-1.1.4c.jar